Windows Analysis Report
datasett.exe

Overview

General Information

Sample name: datasett.exe
Analysis ID: 1580468
MD5: 3a90d6fa7c4cccd6ec03eb0667807b5b
SHA1: 3c88e16a010d5b464be251107bfb17de08daa445
SHA256: 339b04f57ff45915e7eb52ec9dca9bc85375a13028ade3d310a357fb79c4e5b0
Tags: exesolvolume-funuser-aachum
Infos:

Detection

Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Contains functionality to infect the boot sector
Found pyInstaller with non standard icon
Potentially malicious time measurement code found
Uses schtasks.exe or at.exe to add and modify task schedules
Binary contains a suspicious time stamp
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May check the online IP address of the machine
May use bcdedit to modify the Windows boot settings
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • datasett.exe (PID: 6864 cmdline: "C:\Users\user\Desktop\datasett.exe" MD5: 3A90D6FA7C4CCCD6EC03EB0667807B5B)
    • datasett.exe (PID: 5756 cmdline: "C:\Users\user\Desktop\datasett.exe" MD5: 3A90D6FA7C4CCCD6EC03EB0667807B5B)
      • cmd.exe (PID: 2916 cmdline: C:\Windows\system32\cmd.exe /c schtasks /create /sc MINUTE /mo 15 /tn "VirboUpd" /tr "C:\Users\user\Desktop\datasett.exe" /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 1448 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • schtasks.exe (PID: 5968 cmdline: schtasks /create /sc MINUTE /mo 15 /tn "VirboUpd" /tr "C:\Users\user\Desktop\datasett.exe" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
  • datasett.exe (PID: 5052 cmdline: C:\Users\user\Desktop\datasett.exe MD5: 3A90D6FA7C4CCCD6EC03EB0667807B5B)
    • datasett.exe (PID: 2836 cmdline: C:\Users\user\Desktop\datasett.exe MD5: 3A90D6FA7C4CCCD6EC03EB0667807B5B)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: datasett.exe | Avira: detected
Source: datasett.exe | ReversingLabs: Detection: 34%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 99.2% probability
Source: datasett.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Joe Sandbox ViewIP Address: 104.26.3.46 104.26.3.46
Source: unknownDNS query: name: iplogger.org
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_61B13000 WSAStartup,gethostbyname,socket,setsockopt,setsockopt,setsockopt,htons,sendto,sendto,recvfrom,recvfrom,ntohl,ntohl,ntohl,closesocket,WSACleanup,WSAGetLastError,closesocket,WSACleanup,SetLastError,WSAGetLastError,WSACleanup,SetLastError,1_2_61B13000
Source: global trafficDNS traffic detected: DNS query: iplogger.org
00000005.00000003.1718158484.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1727515209.000001D3521D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
Source: datasett.exe, 00000000.00000003.1667992268.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1671352104.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668493540.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667482511.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668598107.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668275108.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672434725.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1670119905.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668128706.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667583401.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672434725.000002CBEB855000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB845000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1725566995.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724313754.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1723056484.000001D3521E2000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1727282533.000001D3521E4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 
00000005.00000003.1716730085.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1718158484.000001D3521D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
Source: datasett.exe, 00000000.00000003.1667992268.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB84F000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1671352104.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668493540.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667482511.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668598107.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668275108.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672434725.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1670119905.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668128706.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB851000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667583401.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669998758.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB845000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 
00000005.00000003.1725566995.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724313754.000001D3521D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: datasett.exe, 00000000.00000003.1669998758.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724156433.000001D3521D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0N
Source: datasett.exe, 00000000.00000003.1667992268.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB84F000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1671352104.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668493540.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667482511.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668598107.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668275108.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672434725.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1670119905.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668128706.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB851000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667583401.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB845000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1725566995.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 
00000005.00000003.1724313754.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1723056484.000001D3521E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0O
Source: datasett.exe, 00000000.00000003.1670119905.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724313754.000001D3521D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digif
Source: datasett.exe, 00000000.00000003.1669998758.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724156433.000001D3521D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.thawte.com0
Source: datasett.exe, 00000001.00000002.2912643746.000001CA10F31000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2912643746.000001CA10E85000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/
Source: datasett.exe, 00000001.00000002.2912643746.000001CA10E85000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/a
Source: datasett.exe, 00000001.00000002.2913193358.000001CA111D0000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1757764425.0000028850BF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
Source: datasett.exe, 00000000.00000003.1669998758.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724156433.000001D3521D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: datasett.exe, 00000000.00000003.1669998758.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724156433.000001D3521D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: datasett.exe, 00000000.00000003.1669998758.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724156433.000001D3521D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: datasett.exe, 00000001.00000002.2913343331.000001CA113D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: datasett.exe, 00000001.00000002.2912355486.000001CA10AE3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
Source: datasett.exe, 00000001.00000002.2913343331.000001CA113D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: datasett.exe, 00000001.00000002.2913343331.000001CA113D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm
Source: datasett.exe, 00000001.00000002.2913343331.000001CA113D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: datasett.exe, 00000001.00000002.2913343331.000001CA113D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm9hxj
Source: datasett.exe, 00000001.00000002.2913343331.000001CA113D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es00
Source: datasett.exe, 00000001.00000002.2912643746.000001CA10F31000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2913343331.000001CA113D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/
Source: datasett.exe, 00000001.00000002.2912643746.000001CA10F31000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/A
Source: datasett.exe, 00000000.00000003.1667992268.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB84F000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1671352104.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668493540.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667482511.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668598107.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668275108.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672434725.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1670119905.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668128706.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB851000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667583401.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB845000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1725566995.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 
00000005.00000003.1724313754.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1723056484.000001D3521E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
Source: datasett.exe, 00000001.00000002.2911883602.000001CA0EA2E000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2913343331.000001CA113D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.firmaprofesional.com/cps0
Source: datasett.exe, 00000001.00000002.2911883602.000001CA0EA2E000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1755318713.0000028850540000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1746858969.00000288504DD000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756677827.0000028850541000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753339807.000002885053F000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752759804.0000028850537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
Source: datasett.exe, 00000001.00000002.2912643746.000001CA10F31000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps
Source: datasett.exe, 00000001.00000002.2912643746.000001CA10F31000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps0
Source: datasett.exe, 00000006.00000003.1754037534.0000028850461000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754075017.0000028850465000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754502410.000002885046D000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754328484.0000028850466000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756488404.0000028850470000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.robotstxt.org/norobots-rfc.txt
Source: datasett.exe, 00000001.00000002.2913343331.000001CA113A0000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1757339264.0000028850934000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752290953.0000028850924000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753139716.0000028850932000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1755344880.0000028850934000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1751520665.0000028850915000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wwwsearch.sf.net/):
Source: datasett.exe, 00000001.00000002.2912481776.000001CA10B80000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756812067.00000288505A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org?format=json
Source: datasett.exe, 00000001.00000002.2912481776.000001CA10B80000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756812067.00000288505A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot
Source: datasett.exe, 00000001.00000002.2913023346.000001CA11070000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1757610535.0000028850A90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://foss.heptapod.net/pypy/pypy/-/issues/3539
Source: datasett.exe, 00000001.00000002.2912643746.000001CA10D90000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1757421956.0000028850946000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1751322552.000002885095E000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752290953.0000028850944000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752786045.0000028850945000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753256581.0000028850946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Ousret/charset_normalizer
Source: datasett.exe, 00000001.00000003.1685920181.000001CA0EAB7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1684134076.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680524631.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680369460.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683770842.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680369460.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680315220.000001CA0EADF000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683979233.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680192150.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2911883602.000001CA0EA2E000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1684134076.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680524631.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683770842.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680684974.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680328707.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683979233.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2912355486.000001CA10A40000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683478506.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680684974.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 
00000001.00000003.1683478506.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754037534.0000028850461000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: datasett.exe, datasett.exe, 00000006.00000002.1759792495.00007FFE001C1000.00000002.00000001.01000000.0000002D.sdmp, datasett.exe, 00000006.00000002.1760517859.00007FFE0C0A9000.00000002.00000001.01000000.0000002C.sdmp, datasett.exe, 00000006.00000002.1759686551.00007FFE00191000.00000002.00000001.01000000.0000002F.sdmp, win32api.pyd.0.dr, win32api.pyd.5.drString found in binary or memory: https://github.com/mhammond/pywin32
Source: datasett.exe, 00000001.00000003.1685920181.000001CA0EAB7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1684134076.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680369460.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680192150.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680524631.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683770842.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680684974.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2912089151.000001CA102F0000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680328707.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683979233.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683478506.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756225617.0000028850060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: datasett.exe, 00000006.00000003.1754601960.000002884E349000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: datasett.exe, 00000001.00000003.1685920181.000001CA0EAB7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1684134076.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680524631.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680369460.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683770842.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680369460.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680315220.000001CA0EADF000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683979233.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680192150.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2911883602.000001CA0EA2E000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1684134076.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680524631.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683770842.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680684974.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680328707.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683979233.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2912355486.000001CA10A40000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683478506.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680684974.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 
00000001.00000003.1683478506.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754037534.0000028850461000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: datasett.exe, 00000001.00000003.1685920181.000001CA0EAB7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1684134076.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680524631.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680369460.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683770842.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680369460.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680315220.000001CA0EADF000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683979233.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680192150.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2911883602.000001CA0EA2E000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1684134076.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680524631.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683770842.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680684974.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680328707.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683979233.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2912355486.000001CA10A40000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683478506.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680684974.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 
00000001.00000003.1683478506.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754037534.0000028850461000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: datasett.exe, 00000001.00000002.2913023346.000001CA11070000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1757610535.0000028850A90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963
Source: datasett.exe, 00000001.00000002.2911883602.000001CA0EA2E000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754014840.00000288508C6000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752290953.00000288508BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
Source: datasett.exe, 00000001.00000002.2913229256.000001CA11220000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1757421956.0000028850946000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752290953.0000028850944000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1751322552.0000028850955000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752786045.0000028850945000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753256581.0000028850946000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1757792500.0000028850C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2920
Source: datasett.exe, 00000006.00000002.1757792500.0000028850C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2920p
Source: datasett.exe, 00000006.00000003.1753256581.0000028850946000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752439883.000002884E347000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752290953.00000288508BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/
Source: datasett.exe, 00000001.00000002.2912355486.000001CA10AE3000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2912643746.000001CA10D90000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1757421956.0000028850946000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1755060297.00000288508C7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1751322552.0000028850944000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752290953.0000028850944000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1751322552.0000028850955000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754014840.00000288508C6000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752786045.0000028850945000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753256581.0000028850946000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752290953.00000288508BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail
Source: datasett.exe, 00000006.00000003.1754433045.000002884E3C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail/
Source: datasett.exe, 00000001.00000002.2912643746.000001CA10D90000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752494608.00000288508E2000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754249502.00000288508EB000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752863410.00000288508EA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752290953.00000288508BE000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754770494.00000288508F6000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754572349.00000288508EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/
Source: datasett.exe, 00000006.00000003.1752439883.000002884E347000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/
Source: datasett.exe, 00000006.00000002.1758008992.0000028850DD0000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756488404.0000028850470000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752290953.00000288508BE000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752999911.00000288504DD000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754572349.00000288508EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/get
Source: datasett.exe, 00000001.00000002.2911883602.000001CA0EA2E000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1755865343.000002884E32B000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753742679.000002884E325000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754885711.000002884E32A000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753458207.000002884E30D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/post
Source: datasett.exe, 00000001.00000002.2912481776.000001CA10B80000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756812067.00000288505A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/
Source: datasett.exe, 00000001.00000002.2912481776.000001CA10B80000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756812067.00000288505A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://iplogger.org/Drop8VbLink
Source: datasett.exe, 00000006.00000002.1756885684.00000288505F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://iplogger.org/Drop8otstuk
Source: datasett.exe, 00000001.00000003.1685920181.000001CA0EAB7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1686004054.000001CA0EAF2000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2912355486.000001CA10A40000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752494608.00000288508E2000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754249502.00000288508EB000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752863410.00000288508EA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754753546.00000288508FE000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1743252369.000002884E3C0000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752290953.00000288508BE000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1743133519.000002884E3BC000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754572349.00000288508EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mahler:8092/site-updates.py
Source: datasett.exe, 00000001.00000002.2912481776.000001CA10B80000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756812067.00000288505A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pastebin.com/raw/C1vS7y2X
Source: datasett.exe, 00000001.00000002.2912481776.000001CA10B80000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756812067.00000288505A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pastebin.com/raw/fn5bRN1F
Source: datasett.exe, 00000001.00000002.2912481776.000001CA10B80000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756812067.00000288505A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pastebin.com/raw/uUbM2VAB
Source: datasett.exe, 00000001.00000002.2912481776.000001CA10B80000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756812067.00000288505A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pastebin.com/raw/uUbM2VAB__path__
Source: datasett.exe, 00000006.00000002.1759072943.00007FFDFAD53000.00000002.00000001.01000000.0000001A.sdmpString found in binary or memory: https://python.org/dev/peps/pep-0263/
Source: datasett.exe, 00000006.00000002.1758039593.0000028850E10000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1755865343.000002884E32B000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753742679.000002884E325000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754885711.000002884E32A000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753458207.000002884E30D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://requests.readthedocs.io
Source: datasett.exe, 00000001.00000002.2911883602.000001CA0EA2E000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753093881.000002884E39C000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752439883.000002884E347000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753503603.000002884E3A2000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753676136.000002884E3AE000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756028776.000002884E3B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
Source: datasett.exe, 00000001.00000002.2912355486.000001CA10AE3000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2912643746.000001CA10D90000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1757421956.0000028850946000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1751322552.0000028850944000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753093881.000002884E39C000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752290953.0000028850944000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1751322552.0000028850955000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752786045.0000028850945000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753256581.0000028850946000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752439883.000002884E347000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
Source: datasett.exe, 00000001.00000002.2913193358.000001CA111D0000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1757764425.0000028850BF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy
Source: datasett.exe, 00000001.00000002.2913158600.000001CA11190000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1757734662.0000028850BB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
Source: datasett.exe, 00000001.00000002.2913158600.000001CA11190000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warningspf
Source: datasett.exe, 00000000.00000003.1667992268.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB84F000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1671352104.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668493540.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667482511.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668598107.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668275108.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672434725.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1670119905.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668128706.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668412980.000002CBEB851000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1667583401.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669320414.000002CBEB852000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1672614789.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1669998758.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000000.00000003.1668777531.000002CBEB845000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 
00000005.00000003.1725566995.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724313754.000001D3521D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
Source: datasett.exe, 00000000.00000003.1670119905.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2915055494.00007FFDFB307000.00000002.00000001.01000000.0000000C.sdmp, datasett.exe, 00000001.00000002.2915732229.00007FFE0147A000.00000002.00000001.01000000.0000000D.sdmp, datasett.exe, 00000005.00000003.1724313754.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1758860580.00007FFDFAA17000.00000002.00000001.01000000.00000022.sdmp, datasett.exe, 00000006.00000002.1760185978.00007FFE013CA000.00000002.00000001.01000000.00000023.sdmpString found in binary or memory: https://www.openssl.org/H
Source: datasett.exe, 00000001.00000002.2911883602.000001CA0EA2E000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1755865343.000002884E32B000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753742679.000002884E325000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754885711.000002884E32A000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753458207.000002884E30D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org
Source: datasett.exe, 00000001.00000003.1685920181.000001CA0EAB7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1686004054.000001CA0EAF2000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2912355486.000001CA10A40000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752494608.00000288508E2000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754249502.00000288508EB000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752863410.00000288508EA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754753546.00000288508FE000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1743252369.000002884E3C0000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752290953.00000288508BE000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1743133519.000002884E3BC000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754572349.00000288508EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/
Source: datasett.exe, 00000000.00000003.1678160567.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2912516810.000001CA10BD0000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1736245775.000001D3521D8000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756885684.00000288505F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/dev/peps/pep-0205/
Source: datasett.exe, 00000001.00000003.1684836609.000001CA0EAF8000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2912253685.000001CA10880000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1684777469.000001CA0EAEC000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1684695963.000001CA0EAEC000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1684754877.000001CA0EAF8000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1742795678.000002884E3B6000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756347653.00000288502A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
Source: datasett.exe, 00000001.00000002.2913343331.000001CA113D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/
Source: datasett.exe, 00000001.00000002.2912643746.000001CA10F31000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2913343331.000001CA113D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/0m
Source: datasett.exe, 00000001.00000002.2912355486.000001CA10AE3000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2912643746.000001CA10D90000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1757421956.0000028850946000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1755060297.00000288508C7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1751322552.0000028850944000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752290953.0000028850944000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1751322552.0000028850955000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754014840.00000288508C6000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752786045.0000028850945000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753256581.0000028850946000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752290953.00000288508BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yahoo.com/
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: C:\Users\user\Desktop\datasett.exe Code function: 6_2_00007FFE00175140 _PyArg_ParseTuple_SizeT,PyEval_SaveThread,GetKeyboardState,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,PyBytes_FromStringAndSize,6_2_00007FFE00175140
Source: C:\Users\user\Desktop\datasett.exe Code function: 1_2_61B13000 WSAStartup,gethostbyname,socket,setsockopt,setsockopt,setsockopt,htons,sendto,sendto,recvfrom,recvfrom,ntohl,ntohl,ntohl,closesocket,WSACleanup,WSAGetLastError,closesocket,WSACleanup,SetLastError,WSAGetLastError,WSACleanup,SetLastError,1_2_61B13000
Source: C:\Users\user\Desktop\datasett.exe Code function: 6_2_61B13000 WSAStartup,gethostbyname,socket,setsockopt,setsockopt,setsockopt,htons,sendto,sendto,recvfrom,recvfrom,ntohl,ntohl,ntohl,closesocket,WSACleanup,WSAGetLastError,closesocket,WSACleanup,SetLastError,WSAGetLastError,WSACleanup,SetLastError,6_2_61B13000
Source: C:\Users\user\Desktop\datasett.exe Code function: 1_2_61B9F1F8: DeviceIoControl,1_2_61B9F1F8
Source: C:\Users\user\Desktop\datasett.exe Code function: 6_2_00007FFE00175AC0 _PyArg_ParseTuple_SizeT,PyEval_SaveThread,ExitWindowsEx,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,_Py_NoneStruct,_Py_NoneStruct,6_2_00007FFE00175AC0
Source: C:\Users\user\Desktop\datasett.exe Code function: 6_2_00007FFE00175B60 _PyArg_ParseTuple_SizeT,PyEval_SaveThread,ExitWindowsEx,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,_Py_NoneStruct,_Py_NoneStruct,6_2_00007FFE00175B60
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FFDFAFC378D1_2_00007FFDFAFC378D
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FFDFAFC43591_2_00007FFDFAFC4359
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FFDFAFC1B311_2_00007FFDFAFC1B31
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FFDFAFC6FFF1_2_00007FFDFAFC6FFF
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FFDFAFC1CC11_2_00007FFDFAFC1CC1
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FFDFB0F28501_2_00007FFDFB0F2850
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FFDFAFC1A4B1_2_00007FFDFAFC1A4B
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FFDFAFC5A601_2_00007FFDFAFC5A60
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FFDFAFC707C1_2_00007FFDFAFC707C
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FFDFAFC36931_2_00007FFDFAFC3693
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FFDFB179B901_2_00007FFDFB179B90
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FFDFAFC50AB1_2_00007FFDFAFC50AB
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FFDFAFC35FD1_2_00007FFDFAFC35FD
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FFDFB161AD01_2_00007FFDFB161AD0
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FFDFAFC59F71_2_00007FFDFAFC59F7
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FFDFAFC4F3E1_2_00007FFDFAFC4F3E
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FFDFAFC638E1_2_00007FFDFAFC638E
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FFDFAFC21351_2_00007FFDFAFC2135
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FFDFAFC53C11_2_00007FFDFAFC53C1
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FFDFAFC4AC51_2_00007FFDFAFC4AC5
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FFDFAFC54CF1_2_00007FFDFAFC54CF
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FFDFAFC216C1_2_00007FFDFAFC216C
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FFDFB0F60101_2_00007FFDFB0F6010
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FFDFAFC72AC1_2_00007FFDFAFC72AC
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FFDFAFC16221_2_00007FFDFAFC1622
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FFDFAFC2D0B1_2_00007FFDFAFC2D0B
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FFDFAFC3BA21_2_00007FFDFAFC3BA2
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FFDFAFC736A1_2_00007FFDFAFC736A
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FFDFAFC72571_2_00007FFDFAFC7257
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FFDFAFC1D831_2_00007FFDFAFC1D83
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FFDFAFC29821_2_00007FFDFAFC2982
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FFDFAFC1CFD1_2_00007FFDFAFC1CFD
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FFDFAFC266C1_2_00007FFDFAFC266C
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FFDFAFC38321_2_00007FFDFAFC3832
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FFDFAFC3A851_2_00007FFDFAFC3A85
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FFDFB1793C01_2_00007FFDFB1793C0
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FFDFAFC710D1_2_00007FFDFAFC710D
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FFDFAFC53A81_2_00007FFDFAFC53A8
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FFDFAFDD2601_2_00007FFDFAFDD260
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FFDFAFC68CA1_2_00007FFDFAFC68CA
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_61B04A606_2_61B04A60
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_61B05E706_2_61B05E70
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_61B3F1E26_2_61B3F1E2
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_61B251206_2_61B25120
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_61B160806_2_61B16080
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_61B210106_2_61B21010
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_61B5E3106_2_61B5E310
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_61B563506_2_61B56350
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_61B463406_2_61B46340
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_61B0B2906_2_61B0B290
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_61B072206_2_61B07220
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_61B7C5C06_2_61B7C5C0
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_61B545306_2_61B54530
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_61B255106_2_61B25510
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_61B3F5706_2_61B3F570
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_61B154006_2_61B15400
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_61B097106_2_61B09710
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_61B656906_2_61B65690
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_61B7E6606_2_61B7E660
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_61B289006_2_61B28900
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_61B199606_2_61B19960
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_61B2B8D06_2_61B2B8D0
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_61B558306_2_61B55830
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_61B108206_2_61B10820
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_61B06BA06_2_61B06BA0
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_61B7CB906_2_61B7CB90
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_61B2BB506_2_61B2BB50
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_61B13B406_2_61B13B40
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_61B64A906_2_61B64A90
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_61B25A006_2_61B25A00
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_61B26A606_2_61B26A60
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_61B53D706_2_61B53D70
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_61B02D606_2_61B02D60
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_61B13CC06_2_61B13CC0
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_61B14C206_2_61B14C20
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_61B56FC06_2_61B56FC0
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_61B64F706_2_61B64F70
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_61B23F606_2_61B23F60
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_61B29F406_2_61B29F40
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_61B26E806_2_61B26E80
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_61B54E156_2_61B54E15
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_61B21E406_2_61B21E40
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D6A876_2_00007FFDFA6D6A87
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D655F6_2_00007FFDFA6D655F
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA873B806_2_00007FFDFA873B80
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA887BC06_2_00007FFDFA887BC0
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D22E86_2_00007FFDFA6D22E8
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D21B76_2_00007FFDFA6D21B7
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA73FA006_2_00007FFDFA73FA00
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D3FDA6_2_00007FFDFA6D3FDA
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D60A06_2_00007FFDFA6D60A0
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D41656_2_00007FFDFA6D4165
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D22896_2_00007FFDFA6D2289
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6EBF206_2_00007FFDFA6EBF20
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D32E76_2_00007FFDFA6D32E7
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA8000106_2_00007FFDFA800010
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D27666_2_00007FFDFA6D2766
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D30C16_2_00007FFDFA6D30C1
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA807CD06_2_00007FFDFA807CD0
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6EBD606_2_00007FFDFA6EBD60
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D6CBC6_2_00007FFDFA6D6CBC
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D29CD6_2_00007FFDFA6D29CD
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D5D8A6_2_00007FFDFA6D5D8A
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D6EF16_2_00007FFDFA6D6EF1
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6EF0606_2_00007FFDFA6EF060
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D213F6_2_00007FFDFA6D213F
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA80B2006_2_00007FFDFA80B200
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D114F6_2_00007FFDFA6D114F
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6EF2006_2_00007FFDFA6EF200
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D1EA16_2_00007FFDFA6D1EA1
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D6F286_2_00007FFDFA6D6F28
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6FB8506_2_00007FFDFA6FB850
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D704A6_2_00007FFDFA6D704A
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA90F7D06_2_00007FFDFA90F7D0
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D3B936_2_00007FFDFA6D3B93
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6FB4C06_2_00007FFDFA6FB4C0
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA8074F06_2_00007FFDFA8074F0
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D51696_2_00007FFDFA6D5169
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA872C406_2_00007FFDFA872C40
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA85E8706_2_00007FFDFA85E870
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D23F16_2_00007FFDFA6D23F1
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D5E256_2_00007FFDFA6D5E25
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D4E4E6_2_00007FFDFA6D4E4E
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D60DC6_2_00007FFDFA6D60DC
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D1B226_2_00007FFDFA6D1B22
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA7B2EB06_2_00007FFDFA7B2EB0
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6EEF006_2_00007FFDFA6EEF00
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D72C56_2_00007FFDFA6D72C5
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D46336_2_00007FFDFA6D4633
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D5B0F6_2_00007FFDFA6D5B0F
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D5DA36_2_00007FFDFA6D5DA3
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D4D046_2_00007FFDFA6D4D04
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA8063106_2_00007FFDFA806310
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D34866_2_00007FFDFA6D3486
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D47466_2_00007FFDFA6D4746
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D378D6_2_00007FFDFA6D378D
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D43596_2_00007FFDFA6D4359
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D1B316_2_00007FFDFA6D1B31
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D57D16_2_00007FFDFA6D57D1
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D1A4B6_2_00007FFDFA6D1A4B
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D5A606_2_00007FFDFA6D5A60
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA8028506_2_00007FFDFA802850
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D6FFF6_2_00007FFDFA6D6FFF
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D1CC16_2_00007FFDFA6D1CC1
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D36936_2_00007FFDFA6D3693
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D707C6_2_00007FFDFA6D707C
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA871AD06_2_00007FFDFA871AD0
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D50AB6_2_00007FFDFA6D50AB
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA889B906_2_00007FFDFA889B90
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D35FD6_2_00007FFDFA6D35FD
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D4AC56_2_00007FFDFA6D4AC5
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D54CF6_2_00007FFDFA6D54CF
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D216C6_2_00007FFDFA6D216C
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D21356_2_00007FFDFA6D2135
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D53C16_2_00007FFDFA6D53C1
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D59F76_2_00007FFDFA6D59F7
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D4F3E6_2_00007FFDFA6D4F3E
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D638E6_2_00007FFDFA6D638E
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D3BA26_2_00007FFDFA6D3BA2
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D2D0B6_2_00007FFDFA6D2D0B
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA8060106_2_00007FFDFA806010
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D72AC6_2_00007FFDFA6D72AC
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D16226_2_00007FFDFA6D1622
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D3A856_2_00007FFDFA6D3A85
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D1CFD6_2_00007FFDFA6D1CFD
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D38326_2_00007FFDFA6D3832
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D266C6_2_00007FFDFA6D266C
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D1D836_2_00007FFDFA6D1D83
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D736A6_2_00007FFDFA6D736A
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D72576_2_00007FFDFA6D7257
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D29826_2_00007FFDFA6D2982
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6ED2606_2_00007FFDFA6ED260
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D68CA6_2_00007FFDFA6D68CA
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D710D6_2_00007FFDFA6D710D
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D53A86_2_00007FFDFA6D53A8
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA8893C06_2_00007FFDFA8893C0
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D31896_2_00007FFDFA6D3189
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D1F966_2_00007FFDFA6D1F96
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D144C6_2_00007FFDFA6D144C
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA8111706_2_00007FFDFA811170
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA7FD1706_2_00007FFDFA7FD170
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6F52006_2_00007FFDFA6F5200
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D55106_2_00007FFDFA6D5510
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D3A8F6_2_00007FFDFA6D3A8F
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D15C86_2_00007FFDFA6D15C8
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D54CA6_2_00007FFDFA6D54CA
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D12996_2_00007FFDFA6D1299
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA8117A06_2_00007FFDFA8117A0
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D65646_2_00007FFDFA6D6564
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D542F6_2_00007FFDFA6D542F
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D560F6_2_00007FFDFA6D560F
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D5F106_2_00007FFDFA6D5F10
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D44C66_2_00007FFDFA6D44C6
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D5BF06_2_00007FFDFA6D5BF0
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D42876_2_00007FFDFA6D4287
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D50476_2_00007FFDFA6D5047
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D4B566_2_00007FFDFA6D4B56
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D11CC6_2_00007FFDFA6D11CC
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D4C146_2_00007FFDFA6D4C14
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D6D5C6_2_00007FFDFA6D6D5C
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D2D746_2_00007FFDFA6D2D74
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA884BC06_2_00007FFDFA884BC0
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D2FCC6_2_00007FFDFA6D2FCC
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D177B6_2_00007FFDFA6D177B
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D22AC6_2_00007FFDFA6D22AC
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D4A536_2_00007FFDFA6D4A53
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D275C6_2_00007FFDFA6D275C
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D11406_2_00007FFDFA6D1140
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D10AA6_2_00007FFDFA6D10AA
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D592F6_2_00007FFDFA6D592F
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D12176_2_00007FFDFA6D1217
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D65A06_2_00007FFDFA6D65A0
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D44036_2_00007FFDFA6D4403
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D362F6_2_00007FFDFA6D362F
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D6EBF6_2_00007FFDFA6D6EBF
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D26E96_2_00007FFDFA6D26E9
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D22FC6_2_00007FFDFA6D22FC
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA8103006_2_00007FFDFA810300
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D2E8C6_2_00007FFDFA6D2E8C
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D14246_2_00007FFDFA6D1424
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D41016_2_00007FFDFA6D4101
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D5B736_2_00007FFDFA6D5B73
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D4C376_2_00007FFDFA6D4C37
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA7807506_2_00007FFDFA780750
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D25EF6_2_00007FFDFA6D25EF
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D69E76_2_00007FFDFA6D69E7
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D6C216_2_00007FFDFA6D6C21
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA7FC7D06_2_00007FFDFA7FC7D0
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6EC4806_2_00007FFDFA6EC480
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA8884906_2_00007FFDFA888490
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D2C756_2_00007FFDFA6D2C75
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6EC6206_2_00007FFDFA6EC620
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFB9B18906_2_00007FFDFB9B1890
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFB9B12C06_2_00007FFDFB9B12C0
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFE001745C06_2_00007FFE001745C0
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFE00173B206_2_00007FFE00173B20
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFE001737406_2_00007FFE00173740
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFE007370446_2_00007FFE00737044
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFE007324706_2_00007FFE00732470
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFE00731A006_2_00007FFE00731A00
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFE00732EE06_2_00007FFE00732EE0
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFE00731B106_2_00007FFE00731B10
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFE007353206_2_00007FFE00735320
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFE0073F6506_2_00007FFE0073F650
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFE007312906_2_00007FFE00731290
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFE00735C306_2_00007FFE00735C30
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFE00738F806_2_00007FFE00738F80
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFE013001506_2_00007FFE01300150
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFE012FC0306_2_00007FFE012FC030
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFE012F3A006_2_00007FFE012F3A00
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFE013802506_2_00007FFE01380250
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFE0132256D6_2_00007FFE0132256D
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFE01321BDB6_2_00007FFE01321BDB
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFE013220AE6_2_00007FFE013220AE
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFE013809506_2_00007FFE01380950
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFE01326BA06_2_00007FFE01326BA0
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFE013215376_2_00007FFE01321537
Source: C:\Users\user\Desktop\datasett.exeCode function: String function: 00007FFDFA6D4D68 appears 38 times
Source: C:\Users\user\Desktop\datasett.exeCode function: String function: 00007FFDFA6D688E appears 31 times
Source: C:\Users\user\Desktop\datasett.exeCode function: String function: 00007FFDFAFC4057 appears 531 times
Source: C:\Users\user\Desktop\datasett.exeCode function: String function: 00007FFE0138D7E5 appears 42 times
Source: C:\Users\user\Desktop\datasett.exeCode function: String function: 61B9EBF8 appears 112 times
Source: C:\Users\user\Desktop\datasett.exeCode function: String function: 00007FFDFAFC24B9 appears 62 times
Source: C:\Users\user\Desktop\datasett.exeCode function: String function: 00007FFDFAFC1EF1 appears 904 times
Source: C:\Users\user\Desktop\datasett.exeCode function: String function: 00007FFE001AC0A0 appears 47 times
Source: C:\Users\user\Desktop\datasett.exeCode function: String function: 00007FFDFA6D698D appears 49 times
Source: C:\Users\user\Desktop\datasett.exeCode function: String function: 00007FFDFA6D300D appears 55 times
Source: C:\Users\user\Desktop\datasett.exeCode function: String function: 00007FFDFAFC300D appears 50 times
Source: C:\Users\user\Desktop\datasett.exeCode function: String function: 00007FFE012F3850 appears 51 times
Source: C:\Users\user\Desktop\datasett.exeCode function: String function: 00007FFDFAFC698D appears 35 times
Source: C:\Users\user\Desktop\datasett.exeCode function: String function: 00007FFDFA6D1EF1 appears 1581 times
Source: C:\Users\user\Desktop\datasett.exeCode function: String function: 61B1B860 appears 450 times
Source: C:\Users\user\Desktop\datasett.exeCode function: String function: 00007FFDFA6D24B9 appears 83 times
Source: C:\Users\user\Desktop\datasett.exeCode function: String function: 00007FFDFA6D4057 appears 782 times
Source: C:\Users\user\Desktop\datasett.exeCode function: String function: 00007FFDFAFC2A04 appears 95 times
Source: C:\Users\user\Desktop\datasett.exeCode function: String function: 00007FFDFA6D2734 appears 511 times
Source: C:\Users\user\Desktop\datasett.exeCode function: String function: 00007FFE0138D74F appears 63 times
Source: C:\Users\user\Desktop\datasett.exeCode function: String function: 00007FFDFAFC483B appears 90 times
Source: C:\Users\user\Desktop\datasett.exeCode function: String function: 00007FFE012F38C0 appears 96 times
Source: C:\Users\user\Desktop\datasett.exeCode function: String function: 00007FFDFAFC2734 appears 357 times
Source: C:\Users\user\Desktop\datasett.exeCode function: String function: 00007FFDFA6D2A04 appears 172 times
Source: C:\Users\user\Desktop\datasett.exeCode function: String function: 00007FFE013212EE appears 216 times
Source: C:\Users\user\Desktop\datasett.exeCode function: String function: 00007FFDFA6D483B appears 128 times
Source: C:\Users\user\Desktop\datasett.exeCode function: String function: 61B9EC40 appears 94 times
Source: C:\Users\user\Desktop\datasett.exeCode function: String function: 00007FF799672770 appears 82 times
Source: sapi.dll.0.dr Static PE information: Resource name: DATA type: a.out little-endian 32-bit pure executable not stripped
Source: srloc.dll.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: SpeechUX.dll.mui.0.dr Static PE information: Resource name: RT_STRING type: COM executable for DOS
Source: SpeechUXRes.dll.0.dr Static PE information: Resource name: SRGRAMMARS type: COM executable for DOS
Source: SpeechUX.dll.mui0.0.dr Static PE information: Resource name: RT_STRING type: COM executable for DOS
Source: unicodedata.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: SpeechUXRes.dll.5.dr Static PE information: Resource name: SRGRAMMARS type: COM executable for DOS
Source: SpeechUX.dll.mui.5.dr Static PE information: Resource name: RT_STRING type: COM executable for DOS
Source: sapi.dll.5.dr Static PE information: Resource name: DATA type: a.out little-endian 32-bit pure executable not stripped
Source: srloc.dll.5.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: SpeechUX.dll.mui0.5.dr Static PE information: Resource name: RT_STRING type: COM executable for DOS
Source: unicodedata.pyd.5.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: pyarmor_runtime.pyd.0.dr Static PE information: Number of sections : 11 > 10
Source: pyarmor_runtime.pyd0.5.dr Static PE information: Number of sections : 11 > 10
Source: pyarmor_runtime.pyd.5.dr Static PE information: Number of sections : 11 > 10
Source: pyarmor_runtime.pyd0.0.dr Static PE information: Number of sections : 11 > 10
Source: srloc.dll.mui.0.dr Static PE information: No import functions for PE file found
Source: sapi.dll.mui.0.dr Static PE information: No import functions for PE file found
Source: speechuxcpl.dll.mui0.0.dr Static PE information: No import functions for PE file found
Source: SpeechUXRes.dll.0.dr Static PE information: No import functions for PE file found
Source: speechuxcpl.dll.mui.5.dr Static PE information: No import functions for PE file found
Source: SpeechUX.dll.mui0.5.dr Static PE information: No import functions for PE file found
Source: sapi.dll.mui.5.dr Static PE information: No import functions for PE file found
Source: SpeechUXWiz.exe.mui0.0.dr Static PE information: No import functions for PE file found
Source: sapi.cpl.mui.5.dr Static PE information: No import functions for PE file found
Source: srloc.dll.mui.5.dr Static PE information: No import functions for PE file found
Source: SpeechUX.dll.mui0.0.dr Static PE information: No import functions for PE file found
Source: SpeechUXWiz.exe.mui.0.dr Static PE information: No import functions for PE file found
Source: SpeechUX.dll.mui.5.dr Static PE information: No import functions for PE file found
Source: SpeechUXRes.dll.5.dr Static PE information: No import functions for PE file found
Source: SpeechUX.dll.mui.0.dr Static PE information: No import functions for PE file found
Source: sapi.cpl.mui.0.dr Static PE information: No import functions for PE file found
Source: SpeechUXWiz.exe.mui.5.dr Static PE information: No import functions for PE file found
Source: speechuxcpl.dll.mui0.5.dr Static PE information: No import functions for PE file found
Source: SpeechUXWiz.exe.mui0.5.dr Static PE information: No import functions for PE file found
Source: speechuxcpl.dll.mui.0.dr Static PE information: No import functions for PE file found
Source: datasett.exe | Binary or memory string: OriginalFilename vs datasett.exe
Source: datasett.exe | Binary or memory string: OriginalFilenameAlterVoiceStudio.exeD vs datasett.exe
Source: classification engine | Classification label: mal76.evad.winEXE@11/104@1/1
Source: C:\Users\user\Desktop\datasett.exe | Code function: 0_2_00007FF7996774B0 GetLastError,FormatMessageW,WideCharToMultiByte,0_2_00007FF7996774B0
Source: C:\Users\user\Desktop\datasett.exe | Code function: 6_2_00007FFE00174DD0 _Py_NoneStruct,_PyArg_ParseTuple_SizeT,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyEval_SaveThread,GetDiskFreeSpaceW,PyEval_RestoreThread,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,_Py_BuildValue_SizeT,6_2_00007FFE00174DD0
Source: C:\Users\user\Desktop\datasett.exe | Code function: 6_2_00007FFE0017CC40 _PyArg_ParseTuple_SizeT,?PyWinObject_AsHANDLE@@YAHPEAU_object@@PEAPEAX@Z,?PyWinObject_AsResourceId@@YAHPEAU_object@@PEAPEA_WH@Z,?PyWinObject_AsResourceId@@YAHPEAU_object@@PEAPEA_WH@Z,FindResourceExW,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,SizeofResource,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,LoadResource,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,LockResource,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,PyBytes_FromStringAndSize,?PyWinObject_FreeResourceId@@YAXPEA_W@Z,?PyWinObject_FreeResourceId@@YAXPEA_W@Z,6_2_00007FFE0017CC40
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1448:120:WilError_03
Source: C:\Users\user\Desktop\datasett.exe | Mutant created: \Sessions\1\BaseNamedObjects\Progaxxx82
Source: C:\Users\user\Desktop\datasett.exe | File created: C:\Users\user\AppData\Local\Temp\_MEI68642
Source: datasett.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\datasett.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: datasett.exe | ReversingLabs: Detection: 34%
Source: C:\Users\user\Desktop\datasett.exe | File read: C:\Users\user\Desktop\datasett.exe
Source: unknown | Process created: C:\Users\user\Desktop\datasett.exe "C:\Users\user\Desktop\datasett.exe"
Source: C:\Users\user\Desktop\datasett.exe | Process created: C:\Users\user\Desktop\datasett.exe "C:\Users\user\Desktop\datasett.exe"
Source: C:\Users\user\Desktop\datasett.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c schtasks /create /sc MINUTE /mo 15 /tn "VirboUpd" /tr "C:\Users\user\Desktop\datasett.exe" /f
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\schtasks.exe schtasks /create /sc MINUTE /mo 15 /tn "VirboUpd" /tr "C:\Users\user\Desktop\datasett.exe" /f
Source: unknown | Process created: C:\Users\user\Desktop\datasett.exe C:\Users\user\Desktop\datasett.exe
Source: C:\Users\user\Desktop\datasett.exe | Process created: C:\Users\user\Desktop\datasett.exe C:\Users\user\Desktop\datasett.exe
Source: C:\Users\user\Desktop\datasett.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\datasett.exe | Section loaded: vcruntime140.dll
Source: C:\Users\user\Desktop\datasett.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\datasett.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\datasett.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\datasett.exe | Section loaded: python3.dll
Source: C:\Users\user\Desktop\datasett.exe | Section loaded: libffi-7.dll
Source: C:\Users\user\Desktop\datasett.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\datasett.exe | Section loaded: libcrypto-1_1.dll
Source: C:\Users\user\Desktop\datasett.exe | Section loaded: libssl-1_1.dll
Source: C:\Users\user\Desktop\datasett.exe | Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\datasett.exe | Section loaded: pywintypes39.dll
Source: C:\Users\user\Desktop\datasett.exe | Section loaded: vcruntime140_1.dll
Source: C:\Users\user\Desktop\datasett.exe | Section loaded: secur32.dll
Source: C:\Users\user\Desktop\datasett.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\datasett.exe | Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\datasett.exe | Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\datasett.exe | Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\schtasks.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\schtasks.exe | Section loaded: taskschd.dll
Source: C:\Windows\System32\schtasks.exe | Section loaded: sspicli.dll
Source: C:\Windows\System32\schtasks.exe | Section loaded: xmllite.dll
Source: C:\Users\user\Desktop\datasett.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\datasett.exe | File opened: C:\Users\user\Desktop\pyvenv.cfg
Source: datasett.exe | Static PE information: Image base 0x140000000 > 0x60000000
Source: datasett.exe | Static file information: File size 11185705 > 1048576
Source: datasett.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: datasett.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: datasett.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: datasett.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: datasett.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: datasett.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: datasett.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\_w\1\b\bin\amd64\_decimal.pdb## source: _decimal.pyd.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-39\Release\win32event.pdb source: datasett.exe, 00000000.00000003.1673033158.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2916641506.00007FFE11BB5000.00000002.00000001.01000000.00000016.sdmp, datasett.exe, 00000005.00000003.1727990973.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1760479789.00007FFE0C0A5000.00000002.00000001.01000000.0000002C.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_lzma.pdbMM source: datasett.exe, 00000000.00000003.1668275108.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2916066006.00007FFE0EB5D000.00000002.00000001.01000000.00000014.sdmp, datasett.exe, 00000005.00000003.1721207686.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1759850177.00007FFE0074D000.00000002.00000001.01000000.0000002A.sdmp, _lzma.pyd.5.dr
Source: Binary string: D:\_w\1\b\bin\amd64\select.pdb source: datasett.exe, 00000000.00000003.1672434725.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2917570393.00007FFE148E4000.00000002.00000001.01000000.0000000A.sdmp, datasett.exe, 00000005.00000003.1727282533.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1761926164.00007FFE11074000.00000002.00000001.01000000.00000020.sdmp, select.pyd.5.dr, select.pyd.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_uuid.pdb source: datasett.exe, 00000000.00000003.1668777531.000002CBEB845000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2917028198.00007FFE120C3000.00000002.00000001.01000000.00000015.sdmp, datasett.exe, 00000005.00000003.1722333278.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1760668819.00007FFE0CF83000.00000002.00000001.01000000.0000002B.sdmp, _uuid.pyd.0.dr
Source: Binary string: MSTTSLoc.pdbGCTL source: MSTTSLoc.dll.0.dr
Source: Binary string: D:\_w\1\b\libssl-1_1.pdb source: datasett.exe, 00000001.00000002.2915687874.00007FFE01445000.00000002.00000001.01000000.0000000D.sdmp, datasett.exe, 00000006.00000002.1760119655.00007FFE01395000.00000002.00000001.01000000.00000023.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_bz2.pdb source: datasett.exe, 00000000.00000003.1667482511.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2916312250.00007FFE1030E000.00000002.00000001.01000000.00000013.sdmp, datasett.exe, 00000005.00000003.1716730085.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1760283252.00007FFE014CE000.00000002.00000001.01000000.00000029.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: datasett.exe, 00000001.00000002.2914870560.00007FFDFB20F000.00000002.00000001.01000000.0000000C.sdmp, datasett.exe, 00000006.00000002.1758697606.00007FFDFA91F000.00000002.00000001.01000000.00000022.sdmp
Source: Binary string: SpeechUX.pdb source: SpeechUX.dll.5.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_queue.pdb source: datasett.exe, 00000000.00000003.1668412980.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2917339362.00007FFE130C3000.00000002.00000001.01000000.0000000F.sdmp, datasett.exe, 00000005.00000003.1721765801.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1761741700.00007FFE10233000.00000002.00000001.01000000.00000025.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_ssl.pdb source: datasett.exe, 00000001.00000002.2916407431.00007FFE1150D000.00000002.00000001.01000000.0000000B.sdmp, datasett.exe, 00000006.00000002.1760767373.00007FFE0CF9D000.00000002.00000001.01000000.00000021.sdmp, _ssl.pyd.5.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-39\Release\win32api.pdb!! source: datasett.exe, 00000001.00000002.2915837657.00007FFE0E143000.00000002.00000001.01000000.00000019.sdmp, datasett.exe, 00000006.00000002.1759648415.00007FFE00183000.00000002.00000001.01000000.0000002F.sdmp, win32api.pyd.0.dr, win32api.pyd.5.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_hashlib.pdb source: datasett.exe, 00000000.00000003.1668128706.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2916749884.00007FFE11EA7000.00000002.00000001.01000000.0000000E.sdmp, datasett.exe, 00000005.00000003.1720689626.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1760572192.00007FFE0C0B7000.00000002.00000001.01000000.00000024.sdmp
Source: Binary string: SpTip.pdbGCTL source: datasett.exe, 00000000.00000003.1675507745.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1730534935.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: d:\a01\_work\4\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: datasett.exe, 00000000.00000003.1667361976.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2916545747.00007FFE117E5000.00000002.00000001.01000000.00000018.sdmp, datasett.exe, 00000005.00000003.1716634961.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1760381109.00007FFE0B2C5000.00000002.00000001.01000000.0000002E.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_lzma.pdb source: datasett.exe, 00000000.00000003.1668275108.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2916066006.00007FFE0EB5D000.00000002.00000001.01000000.00000014.sdmp, datasett.exe, 00000005.00000003.1721207686.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1759850177.00007FFE0074D000.00000002.00000001.01000000.0000002A.sdmp, _lzma.pyd.5.dr
Source: Binary string: in32event.pdb source: datasett.exe
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1n 15 Mar 2022built on: Tue Mar 15 18:32:50 2022 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: datasett.exe, 00000001.00000002.2914870560.00007FFDFB20F000.00000002.00000001.01000000.0000000C.sdmp, datasett.exe, 00000006.00000002.1758697606.00007FFDFA91F000.00000002.00000001.01000000.00000022.sdmp
Source: Binary string: d:\a01\_work\4\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: datasett.exe, 00000000.00000003.1667214039.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2917766399.00007FFE1A481000.00000002.00000001.01000000.00000005.sdmp, datasett.exe, 00000005.00000003.1716510320.000001D3521D3000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1761534002.00007FFE101E1000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-39\Release\pywintypes.pdb** source: datasett.exe, 00000001.00000002.2915941722.00007FFE0E170000.00000002.00000001.01000000.00000017.sdmp, datasett.exe, 00000006.00000002.1759754239.00007FFE001B0000.00000002.00000001.01000000.0000002D.sdmp
Source: Binary string: SpeechUX.pdbGCTL source: SpeechUX.dll.5.dr
Source: Binary string: MSTTSLoc.pdb source: MSTTSLoc.dll.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_ctypes.pdb source: datasett.exe, 00000001.00000002.2916894677.00007FFE11ED1000.00000002.00000001.01000000.00000006.sdmp, datasett.exe, 00000006.00000002.1760911705.00007FFE0CFD1000.00000002.00000001.01000000.0000001C.sdmp, _ctypes.pyd.5.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-39\Release\win32api.pdb source: datasett.exe, 00000001.00000002.2915837657.00007FFE0E143000.00000002.00000001.01000000.00000019.sdmp, datasett.exe, 00000006.00000002.1759648415.00007FFE00183000.00000002.00000001.01000000.0000002F.sdmp, win32api.pyd.0.dr, win32api.pyd.5.dr
Source: Binary string: D:\_w\1\b\libssl-1_1.pdb@@ source: datasett.exe, 00000001.00000002.2915687874.00007FFE01445000.00000002.00000001.01000000.0000000D.sdmp, datasett.exe, 00000006.00000002.1760119655.00007FFE01395000.00000002.00000001.01000000.00000023.sdmp
Source: Binary string: SpeechUXPS.pdbGCTL source: datasett.exe, 00000000.00000003.1676047096.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1731666439.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_socket.pdb source: datasett.exe, 00000000.00000003.1668493540.000002CBEB844000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2917454297.00007FFE13309000.00000002.00000001.01000000.00000009.sdmp, datasett.exe, 00000005.00000003.1721954880.000001D3521D4000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1761102081.00007FFE0EB29000.00000002.00000001.01000000.0000001F.sdmp, _socket.pyd.5.dr, _socket.pyd.0.dr
Source: Binary string: SpTip.pdb source: datasett.exe, 00000000.00000003.1675507745.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1730534935.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-39\Release\pywintypes.pdb source: datasett.exe, 00000001.00000002.2915941722.00007FFE0E170000.00000002.00000001.01000000.00000017.sdmp, datasett.exe, 00000006.00000002.1759754239.00007FFE001B0000.00000002.00000001.01000000.0000002D.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\unicodedata.pdb source: datasett.exe, 00000000.00000003.1672614789.000002CBEB84F000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2914286336.00007FFDFAFAB000.00000002.00000001.01000000.00000012.sdmp, datasett.exe, 00000005.00000003.1727515209.000001D3521DE000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1759427402.00007FFDFBABB000.00000002.00000001.01000000.00000028.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\python39.pdb source: datasett.exe, 00000001.00000002.2915271158.00007FFDFB643000.00000002.00000001.01000000.00000004.sdmp, datasett.exe, 00000006.00000002.1759072943.00007FFDFAD53000.00000002.00000001.01000000.0000001A.sdmp
Source: Binary string: SpeechUXPS.pdb source: datasett.exe, 00000000.00000003.1676047096.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1731666439.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\libcrypto-1_1.pdb source: datasett.exe, 00000001.00000002.2914870560.00007FFDFB291000.00000002.00000001.01000000.0000000C.sdmp, datasett.exe, 00000006.00000002.1758697606.00007FFDFA9A1000.00000002.00000001.01000000.00000022.sdmp
Source: datasett.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: datasett.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: datasett.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: datasett.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: datasett.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: sapi.dll.0.dr Static PE information: 0xFDA8E98A [Sun Nov 9 20:24:42 2104 UTC]
Source: C:\Users\user\Desktop\datasett.exe Code function: 1_2_61B01CC0 LoadLibraryA,GetProcAddress,GetCurrentThread, 1_2_61B01CC0
Source: pywintypes39.dll.0.dr Static PE information: real checksum: 0x0 should be: 0x224d8
Source: pyarmor_runtime.pyd.0.dr Static PE information: real checksum: 0xa6f9d should be: 0x9903e
Source: win32api.pyd.0.dr Static PE information: real checksum: 0x0 should be: 0x303a5
Source: win32event.pyd.5.dr Static PE information: real checksum: 0x0 should be: 0x76e6
Source: md__mypyc.cp39-win_amd64.pyd.5.dr Static PE information: real checksum: 0x0 should be: 0x2a468
Source: pyarmor_runtime.pyd0.5.dr Static PE information: real checksum: 0xa6f9d should be: 0x9903e
Source: pywintypes39.dll.5.dr Static PE information: real checksum: 0x0 should be: 0x224d8
Source: pyarmor_runtime.pyd.5.dr Static PE information: real checksum: 0xa6f9d should be: 0x9903e
Source: win32event.pyd.0.dr Static PE information: real checksum: 0x0 should be: 0x76e6
Source: win32api.pyd.5.dr Static PE information: real checksum: 0x0 should be: 0x303a5
Source: pyarmor_runtime.pyd0.0.dr Static PE information: real checksum: 0xa6f9d should be: 0x9903e
Source: md__mypyc.cp39-win_amd64.pyd.0.dr Static PE information: real checksum: 0x0 should be: 0x2a468
Source: md.cp39-win_amd64.pyd.0.dr Static PE information: real checksum: 0x0 should be: 0xa859
Source: md.cp39-win_amd64.pyd.5.dr Static PE information: real checksum: 0x0 should be: 0xa859
Source: datasett.exe Static PE information: section name: _RDATA
Source: libcrypto-1_1.dll.0.dr Static PE information: section name: .00cfg
Source: libssl-1_1.dll.0.dr Static PE information: section name: .00cfg
Source: VCRUNTIME140.dll.0.dr Static PE information: section name: _RDATA
Source: sapi.dll.0.dr Static PE information: section name: .didat
Source: SpeechUX.dll.0.dr Static PE information: section name: .didat
Source: speechuxcpl.dll.0.dr Static PE information: section name: .didat
Source: pyarmor_runtime.pyd.0.dr Static PE information: section name: .xdata
Source: pyarmor_runtime.pyd0.0.dr Static PE information: section name: .xdata
Source: speechuxcpl.dll.5.dr Static PE information: section name: .didat
Source: VCRUNTIME140.dll.5.dr Static PE information: section name: _RDATA
Source: libcrypto-1_1.dll.5.dr Static PE information: section name: .00cfg
Source: libssl-1_1.dll.5.dr Static PE information: section name: .00cfg
Source: sapi.dll.5.dr Static PE information: section name: .didat
Source: SpeechUX.dll.5.dr Static PE information: section name: .didat
Source: pyarmor_runtime.pyd.5.dr Static PE information: section name: .xdata
Source: pyarmor_runtime.pyd0.5.dr Static PE information: section name: .xdata
Source: C:\Users\user\Desktop\datasett.exe Code function: 0_2_00007FF7996C10E4 push rcx; retn 0000h 0_2_00007FF7996C10ED
Source: C:\Users\user\Desktop\datasett.exe Code function: 0_2_00007FF7996C10CC push rbp; retn 0000h 0_2_00007FF7996C10CD
Source: C:\Users\user\Desktop\datasett.exe Code function: 1_2_00007FF7996C10E4 push rcx; retn 0000h 1_2_00007FF7996C10ED
Source: C:\Users\user\Desktop\datasett.exe Code function: 1_2_00007FF7996C10CC push rbp; retn 0000h 1_2_00007FF7996C10CD

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\datasett.exe Code function: memset,wsprintfA,CreateFileA,memset,DeviceIoControl,CloseHandle,isxdigit,isxdigit,isxdigit,isprint,memcpy,CloseHandle,strlen,memcpy, \\.\PhysicalDrive%d 1_2_61B12260
Source: C:\Users\user\Desktop\datasett.exe Code function: _snprintf,_snprintf,CreateFileA,CreateFileA,GlobalAlloc,DeviceIoControl,GlobalFree,_snprintf,CreateFileA,GlobalAlloc,GlobalAlloc,GlobalAlloc,DeviceIoControl,GlobalFree,GlobalFree,GlobalFree,CloseHandle,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CloseHandle, \\.\PhysicalDrive%d 1_2_61B11EB0
Source: C:\Users\user\Desktop\datasett.exe Code function: memset,wsprintfA,CreateFileA,memset,DeviceIoControl,CloseHandle,isxdigit,isxdigit,isxdigit,isprint,memcpy,CloseHandle,strlen,memcpy, \\.\PhysicalDrive%d 6_2_61B12260
Source: C:\Users\user\Desktop\datasett.exe Code function: _snprintf,_snprintf,CreateFileA,CreateFileA,GlobalAlloc,DeviceIoControl,GlobalFree,_snprintf,CreateFileA,GlobalAlloc,GlobalAlloc,GlobalAlloc,DeviceIoControl,GlobalFree,GlobalFree,GlobalFree,CloseHandle,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CloseHandle, \\.\PhysicalDrive%d 6_2_61B11EB0
Source: C:\Users\user\Desktop\datasett.exe Process created: "C:\Users\user\Desktop\datasett.exe"
Source: C:\Users\user\Desktop\datasett.exe Process created: C:\Users\user\Desktop\datasett.exe
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68642\VCRUNTIME140_1.dll
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\SpeechUX.dll
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines\SR\spsreng.dll
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI50522\_queue.pyd
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\SpeechUXWiz.exe
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68642\libcrypto-1_1.dll
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\SpeechUXPS.DLL
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines\TTS\MSTTSLoc.dll
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines\SR\en-US\srloc.dll.mui
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68642\charset_normalizer\md.cp39-win_amd64.pyd
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI50522\win32api.pyd
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68642\_uuid.pyd
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68642\pywin32_system32\pywintypes39.dll
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68642\win32event.pyd
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\speechuxcpl.dll
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\en-US\sapi.cpl.mui
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\ru-RU\SpeechUXWiz.exe.mui
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI50522\_ssl.pyd
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68642\_hashlib.pyd
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68642\python39.dll
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Common\en-US\sapi.dll.mui
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68642\_bz2.pyd
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68642\win32api.pyd
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines\SR\spsrx.dll
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\en-US\SpeechUXWiz.exe.mui
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI50522\win32event.pyd
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\sapi.cpl
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI50522\_socket.pyd
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI50522\_uuid.pyd
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\en-US\SpeechUX.dll.mui
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68642\select.pyd
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68642\pyarmor_runtime.pyd
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\en-US\SpeechUXWiz.exe.mui
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Common\sapi.dll
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI50522\pyarmor_runtime_000000\pyarmor_runtime.pyd
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68642\_decimal.pyd
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\en-US\SpeechUXRes.dll
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI50522\unicodedata.pyd
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines\SR\spsreng.dll
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\ru-RU\speechuxcpl.dll.mui
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68642\libffi-7.dll
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\ru-RU\SpeechUXWiz.exe.mui
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI50522\charset_normalizer\md.cp39-win_amd64.pyd
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68642\VCRUNTIME140.dll
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68642\charset_normalizer\md__mypyc.cp39-win_amd64.pyd
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI50522\_ctypes.pyd
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68642\unicodedata.pyd
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\SPTIP.DLL
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines\TTS\MSTTSEngine.dll
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI50522\python39.dll
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines\SR\spsrx.dll
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines\TTS\MSTTSLoc.dll
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\SpeechUXWiz.exe
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\speechuxcpl.dll
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines\SR\en-US\srloc.dll.mui
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68642\_queue.pyd
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68642\_socket.pyd
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI50522\VCRUNTIME140_1.dll
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\en-US\SpeechUX.dll.mui
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\ru-RU\speechuxcpl.dll.mui
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\sapi.cpl
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI50522\libffi-7.dll
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\ru-RU\SpeechUX.dll.mui
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI50522\libssl-1_1.dll
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI50522\_lzma.pyd
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI50522\select.pyd
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Common\sapi.dll
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\SpeechUXPS.DLL
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI50522\pyarmor_runtime.pyd
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\en-US\speechuxcpl.dll.mui
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI50522\libcrypto-1_1.dll
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68642\pyarmor_runtime_000000\pyarmor_runtime.pyd
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68642\_ssl.pyd
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI50522\_bz2.pyd
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines\SR\srloc.dll
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI50522\_hashlib.pyd
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Common\en-US\sapi.dll.mui
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\en-US\sapi.cpl.mui
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\SpeechUX.dll
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines\TTS\MSTTSEngine.dll
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68642\libssl-1_1.dll
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI50522\charset_normalizer\md__mypyc.cp39-win_amd64.pyd
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\en-US\SpeechUXRes.dll
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\en-US\speechuxcpl.dll.mui
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\SPTIP.DLL
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI50522\pywin32_system32\pywintypes39.dll
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68642\_lzma.pyd
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\ru-RU\SpeechUX.dll.mui
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines\SR\srloc.dll
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI68642\_ctypes.pyd
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI50522\_decimal.pyd
Source: C:\Users\user\Desktop\datasett.exe File created: C:\Users\user\AppData\Local\Temp\_MEI50522\VCRUNTIME140.dll
Source: packs.sha256.5.dr Binary or memory string: d8d4831a1bccbed23dca1847105b08745da677c852b05c5552a2651642ef4a3e en-US/bcdedit.exe.mui

Boot Survival

Source: C:\Users\user\Desktop\datasett.exe Code function: memset,wsprintfA,CreateFileA,memset,DeviceIoControl,CloseHandle,isxdigit,isxdigit,isxdigit,isprint,memcpy,CloseHandle,strlen,memcpy, \\.\PhysicalDrive%d 1_2_61B12260
Source: C:\Users\user\Desktop\datasett.exe Code function: _snprintf,_snprintf,CreateFileA,CreateFileA,GlobalAlloc,DeviceIoControl,GlobalFree,_snprintf,CreateFileA,GlobalAlloc,GlobalAlloc,GlobalAlloc,DeviceIoControl,GlobalFree,GlobalFree,GlobalFree,CloseHandle,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CloseHandle, \\.\PhysicalDrive%d 1_2_61B11EB0
Source: C:\Users\user\Desktop\datasett.exe Code function: memset,wsprintfA,CreateFileA,memset,DeviceIoControl,CloseHandle,isxdigit,isxdigit,isxdigit,isprint,memcpy,CloseHandle,strlen,memcpy, \\.\PhysicalDrive%d 6_2_61B12260
Source: C:\Users\user\Desktop\datasett.exe Code function: _snprintf,_snprintf,CreateFileA,CreateFileA,GlobalAlloc,DeviceIoControl,GlobalFree,_snprintf,CreateFileA,GlobalAlloc,GlobalAlloc,GlobalAlloc,DeviceIoControl,GlobalFree,GlobalFree,GlobalFree,CloseHandle,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CloseHandle, \\.\PhysicalDrive%d 6_2_61B11EB0
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe schtasks /create /sc MINUTE /mo 15 /tn "VirboUpd" /tr "C:\Users\user\Desktop\datasett.exe" /f
Source: C:\Users\user\Desktop\datasett.exeCode function: 0_2_00007FF799673DF0 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00007FF799673DF0
Source: C:\Users\user\Desktop\datasett.exe Code function: 1_2_00007FFDFAFC32F6 rdtsc 1_2_00007FFDFAFC32F6
Source: C:\Users\user\Desktop\datasett.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\SpeechUX.dll
Source: C:\Users\user\Desktop\datasett.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines\SR\spsreng.dll
Source: C:\Users\user\Desktop\datasett.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\_queue.pyd
Source: C:\Users\user\Desktop\datasett.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\SpeechUXWiz.exe
Source: C:\Users\user\Desktop\datasett.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\SpeechUXPS.DLL
Source: C:\Users\user\Desktop\datasett.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines\TTS\MSTTSLoc.dll
Source: C:\Users\user\Desktop\datasett.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines\SR\en-US\srloc.dll.mui
Source: C:\Users\user\Desktop\datasett.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\charset_normalizer\md.cp39-win_amd64.pyd
Source: C:\Users\user\Desktop\datasett.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\win32api.pyd
Source: C:\Users\user\Desktop\datasett.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\_uuid.pyd
Source: C:\Users\user\Desktop\datasett.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\speechuxcpl.dll
Source: C:\Users\user\Desktop\datasett.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\win32event.pyd
Source: C:\Users\user\Desktop\datasett.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\en-US\sapi.cpl.mui
Source: C:\Users\user\Desktop\datasett.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\ru-RU\SpeechUXWiz.exe.mui
Source: C:\Users\user\Desktop\datasett.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\_ssl.pyd
Source: C:\Users\user\Desktop\datasett.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\_hashlib.pyd
Source: C:\Users\user\Desktop\datasett.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\python39.dll
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Common\en-US\sapi.dll.muiJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\win32api.pydJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines\SR\spsrx.dllJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\win32event.pydJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\en-US\SpeechUXWiz.exe.muiJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\sapi.cplJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\en-US\SpeechUX.dll.muiJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\_uuid.pydJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\select.pydJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Common\sapi.dllJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\pyarmor_runtime.pydJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\en-US\SpeechUXWiz.exe.muiJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\pyarmor_runtime_000000\pyarmor_runtime.pydJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines\SR\spsreng.dllJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\en-US\SpeechUXRes.dllJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\ru-RU\speechuxcpl.dll.muiJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\charset_normalizer\md.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\ru-RU\SpeechUXWiz.exe.muiJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\charset_normalizer\md__mypyc.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\SPTIP.DLLJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines\TTS\MSTTSEngine.dllJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\python39.dllJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines\SR\spsrx.dllJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines\TTS\MSTTSLoc.dllJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\SpeechUXWiz.exeJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\speechuxcpl.dllJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines\SR\en-US\srloc.dll.muiJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\sapi.cplJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\ru-RU\speechuxcpl.dll.muiJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\en-US\SpeechUX.dll.muiJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\ru-RU\SpeechUX.dll.muiJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\select.pydJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Common\sapi.dllJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\SpeechUXPS.DLLJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\pyarmor_runtime.pydJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\en-US\speechuxcpl.dll.muiJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\pyarmor_runtime_000000\pyarmor_runtime.pydJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines\SR\srloc.dllJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Common\en-US\sapi.dll.muiJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\en-US\sapi.cpl.muiJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\SpeechUX.dllJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines\TTS\MSTTSEngine.dllJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\charset_normalizer\md__mypyc.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\en-US\SpeechUXRes.dllJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\en-US\speechuxcpl.dll.muiJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\SPTIP.DLLJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\ru-RU\SpeechUX.dll.muiJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines\SR\srloc.dllJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI68642\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI50522\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\datasett.exeAPI coverage: 2.9 %
Source: C:\Users\user\Desktop\datasett.exeAPI coverage: 1.4 %
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\datasett.exeCode function: 0_2_00007FF7996909B4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF7996909B4
Source: C:\Users\user\Desktop\datasett.exeCode function: 0_2_00007FF799686714 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF799686714
Source: C:\Users\user\Desktop\datasett.exeCode function: 0_2_00007FF799677820 FindFirstFileExW,FindClose,0_2_00007FF799677820
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FF7996909B4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,1_2_00007FF7996909B4
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FF799686714 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,1_2_00007FF799686714
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FF799677820 FindFirstFileExW,FindClose,1_2_00007FF799677820
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D3229 _errno,malloc,_errno,memset,MultiByteToWideChar,GetLastError,MultiByteToWideChar,MultiByteToWideChar,free,_errno,FindFirstFileW,_errno,FindNextFileW,WideCharToMultiByte,6_2_00007FFDFA6D3229
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFE00173740 _PyArg_ParseTuple_SizeT,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyList_New,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,FindFirstFileW,GetLastError,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,?PyObject_FromWIN32_FIND_DATAW@@YAPEAU_object@@PEAU_WIN32_FIND_DATAW@@@Z,PyList_Append,_Py_Dealloc,FindNextFileW,GetLastError,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,FindClose,_Py_Dealloc,6_2_00007FFE00173740
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFE001755D0 _PyArg_ParseTuple_SizeT,GetLogicalDriveStringsW,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,GetLogicalDriveStringsW,?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W_J@Z,6_2_00007FFE001755D0
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFE0017FC68 VirtualQuery,GetSystemInfo,6_2_00007FFE0017FC68
Source: datasett.exe, 00000000.00000003.1678475049.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1736892802.000001D3521D8000.00000004.00000020.00020000.00000000.sdmp, cacert.pem.0.drBinary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
Source: datasett.exe, 00000006.00000002.1755865343.000002884E32B000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753742679.000002884E325000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754885711.000002884E32A000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753458207.000002884E30D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW) --%SystemRoot%\system32\mswsock.dllableSequence.insertc
Source: datasett.exe, 00000000.00000003.1675300626.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1730118682.000001D3521D7000.00000004.00000020.00020000.00000000.sdmp, MSTTSLoc.dll.0.drBinary or memory string: .?AVCRegistryVirtualMachine@ATL@@
Source: datasett.exeBinary or memory string: jqEMu
Source: datasett.exe, 00000001.00000002.2912355486.000001CA10A40000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: packs.sha256.5.drBinary or memory string: bb2f0ec2251002a1f4162013a2357425d1de8e69ab8ca122c2cefe54f5b24500 en-US/vmdebug.dll.mui
Source: cacert.pem.0.drBinary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd

Anti Debugging

Source: C:\Users\user\Desktop\datasett.exe Code function: 6_2_00007FFDFA6D572C 6_2_00007FFDFA6D572C
Source: C:\Users\user\Desktop\datasett.exe Code function: 6_2_00007FFDFA6D4241 6_2_00007FFDFA6D4241
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FFDFAFC32F6 rdtsc 1_2_00007FFDFAFC32F6
Source: C:\Users\user\Desktop\datasett.exeCode function: 0_2_00007FF799689AE4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF799689AE4
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_61B01CC0 LoadLibraryA,GetProcAddress,GetCurrentThread,1_2_61B01CC0
Source: C:\Users\user\Desktop\datasett.exeCode function: 0_2_00007FF7996925A0 GetProcessHeap,0_2_00007FF7996925A0
Source: C:\Users\user\Desktop\datasett.exeCode function: 0_2_00007FF79967B69C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF79967B69C
Source: C:\Users\user\Desktop\datasett.exeCode function: 0_2_00007FF79967AE00 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF79967AE00
Source: C:\Users\user\Desktop\datasett.exeCode function: 0_2_00007FF79967B880 SetUnhandledExceptionFilter,0_2_00007FF79967B880
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_61B7D400 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,1_2_61B7D400
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FF799689AE4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FF799689AE4
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FF79967B69C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FF79967B69C
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FF79967AE00 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FF79967AE00
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FF79967B880 SetUnhandledExceptionFilter,1_2_00007FF79967B880
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FFDFAEA3310 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFDFAEA3310
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FFDFAEA2994 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFDFAEA2994
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FFDFAEA34F8 SetUnhandledExceptionFilter,1_2_00007FFDFAEA34F8
Source: C:\Users\user\Desktop\datasett.exeCode function: 1_2_00007FFDFAFC5A1F IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFDFAFC5A1F
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_61B7D400 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,6_2_61B7D400
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFA6D5A1F IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00007FFDFA6D5A1F
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFB9B2994 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_00007FFDFB9B2994
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFB9B3310 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00007FFDFB9B3310
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFDFB9B34F8 SetUnhandledExceptionFilter,6_2_00007FFDFB9B34F8
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFE00180CBC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_00007FFE00180CBC
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFE001818C0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00007FFE001818C0
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFE00181AA8 SetUnhandledExceptionFilter,6_2_00007FFE00181AA8
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFE001AF8AC SetUnhandledExceptionFilter,6_2_00007FFE001AF8AC
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFE001AE5AC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_00007FFE001AE5AC
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFE001AF6C4 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00007FFE001AF6C4
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFE00743CF8 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00007FFE00743CF8
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFE00743EE0 SetUnhandledExceptionFilter,6_2_00007FFE00743EE0
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFE00743374 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_00007FFE00743374
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFE01303818 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00007FFE01303818
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFE01303250 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_00007FFE01303250
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFE0017DC70 _PyArg_ParseTuple_SizeT,PyEval_SaveThread,keybd_event,PyEval_RestoreThread,_Py_NoneStruct,_Py_NoneStruct,6_2_00007FFE0017DC70
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFE0017DD10 _PyArg_ParseTuple_SizeT,PyEval_SaveThread,mouse_event,PyEval_RestoreThread,_Py_NoneStruct,_Py_NoneStruct,6_2_00007FFE0017DD10
Source: C:\Users\user\Desktop\datasett.exe Process created: C:\Users\user\Desktop\datasett.exe "C:\Users\user\Desktop\datasett.exe"
Source: C:\Users\user\Desktop\datasett.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c schtasks /create /sc MINUTE /mo 15 /tn "VirboUpd" /tr "C:\Users\user\Desktop\datasett.exe" /f
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe schtasks /create /sc MINUTE /mo 15 /tn "VirboUpd" /tr "C:\Users\user\Desktop\datasett.exe" /f
Source: C:\Users\user\Desktop\datasett.exe Process created: C:\Users\user\Desktop\datasett.exe C:\Users\user\Desktop\datasett.exe
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFE001A7D00 PyArg_ParseTuple,PyExc_TypeError,PyErr_SetString,GetSecurityDescriptorDacl,free,SetSecurityDescriptorDacl,GetSecurityDescriptorOwner,free,GetSecurityDescriptorGroup,free,free,free,6_2_00007FFE001A7D00
Source: C:\Users\user\Desktop\datasett.exeCode function: 6_2_00007FFE001A8B80 _PyArg_ParseTuple_SizeT,PyErr_Clear,_PyArg_ParseTuple_SizeT,PyErr_Clear,_PyArg_ParseTuple_SizeT,PySequence_Check,PyExc_TypeError,PyErr_SetString,PySequence_Size,PySequence_Tuple,_PyArg_ParseTuple_SizeT,_Py_Dealloc,AllocateAndInitializeSid,PyExc_ValueError,PyErr_SetString,_Py_NewReference,malloc,memset,memcpy,6_2_00007FFE001A8B80
Source: SpeechUX.dll.5.drBinary or memory string: EnableFocusWarningMS:SpeechTopLevelProgmanWorkerWButtonShell_TrayWndSidebar_AppBarWindowSELECT TOP 10000 System.DateModified, System.ItemUrl, System.Search.AutoSummary FROM SystemIndex..scope() WHERE System.DateModified > '%d/%d/%d %d:%d:%d' and (System.ItemType = '.doc' or System.ItemType='.docx' or System.Message.MessageClass='MAPI/IPM.Note') and (NOT Contains(System.Shell.SFGAOFlagsStrings, 'hidden')) ORDER BY System.DateModifiedApplication=WindowsSearch.CollatorDSOfile:csc:file:/Row: %s, %s
Source: C:\Users\user\Desktop\datasett.exeCode function: 0_2_00007FF7996989B0 cpuid 0_2_00007FF7996989B0
Source: C:\Users\user\Desktop\datasett.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\charset_normalizer VolumeInformation
Source: C:\Users\user\Desktop\datasett.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech VolumeInformation
Source: C:\Users\user\Desktop\datasett.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines VolumeInformation
Source: C:\Users\user\Desktop\datasett.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines\SR VolumeInformation
Source: C:\Users\user\Desktop\datasett.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX VolumeInformation
Source: C:\Users\user\Desktop\datasett.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exe Queries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformation
Source: C:\Users\user\Desktop\datasett.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformation
Source: C:\Users\user\Desktop\datasett.exe Queries volume information: C:\Users\user\Desktop VolumeInformation
Source: C:\Users\user\Desktop\datasett.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\_ctypes.pyd VolumeInformation
Source: C:\Users\user\Desktop\datasett.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\pywin32_system32 VolumeInformation
Source: C:\Users\user\Desktop\datasett.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\pyarmor_runtime_000000 VolumeInformation
Source: C:\Users\user\Desktop\datasett.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\pyarmor_runtime_000000\pyarmor_runtime.pyd VolumeInformation
Source: C:\Users\user\Desktop\datasett.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\_socket.pyd VolumeInformation
Source: C:\Users\user\Desktop\datasett.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\select.pyd VolumeInformation
Source: C:\Users\user\Desktop\datasett.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\_ssl.pyd VolumeInformation
Source: C:\Users\user\Desktop\datasett.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\_hashlib.pyd VolumeInformation
Source: C:\Users\user\Desktop\datasett.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\_queue.pyd VolumeInformation
Source: C:\Users\user\Desktop\datasett.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\charset_normalizer VolumeInformation
Source: C:\Users\user\Desktop\datasett.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\charset_normalizer\md.cp39-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\datasett.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\charset_normalizer\md__mypyc.cp39-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\datasett.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\unicodedata.pyd VolumeInformation
Source: C:\Users\user\Desktop\datasett.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\_bz2.pyd VolumeInformation
Source: C:\Users\user\Desktop\datasett.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\_lzma.pyd VolumeInformation
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\pywin32_system32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\pywin32_system32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\_uuid.pyd VolumeInformation
Source: C:\Users\user\Desktop\datasett.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\win32event.pyd VolumeInformation
Source: C:\Users\user\Desktop\datasett.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\win32api.pyd VolumeInformation
Source: C:\Users\user\Desktop\datasett.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI68642\certifi\cacert.pem VolumeInformation
Source: C:\Users\user\Desktop\datasett.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\charset_normalizer VolumeInformation
Source: C:\Users\user\Desktop\datasett.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech VolumeInformation
Source: C:\Users\user\Desktop\datasett.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines VolumeInformation
Source: C:\Users\user\Desktop\datasett.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX VolumeInformation
Source: C:\Users\user\Desktop\datasett.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\en-US VolumeInformation
Source: C:\Users\user\Desktop\datasett.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\datasett.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522 VolumeInformation
Source: C:\Users\user\Desktop\datasett.exe Queries volume information: C:\Users\user\Desktop VolumeInformation
Source: C:\Users\user\Desktop\datasett.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\_ctypes.pyd VolumeInformation
Source: C:\Users\user\Desktop\datasett.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\pywin32_system32 VolumeInformation
Source: C:\Users\user\Desktop\datasett.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\pyarmor_runtime_000000 VolumeInformation
Source: C:\Users\user\Desktop\datasett.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\pyarmor_runtime_000000\pyarmor_runtime.pyd VolumeInformation
Source: C:\Users\user\Desktop\datasett.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\_socket.pyd VolumeInformation
Source: C:\Users\user\Desktop\datasett.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\select.pyd VolumeInformation
Source: C:\Users\user\Desktop\datasett.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\_ssl.pyd VolumeInformation
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\_hashlib.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\_queue.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\pywin32_system32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\pywin32_system32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\Desktop\datasett.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\charset_normalizer\md.cp39-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI50522\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\datasett.exe Code function: 0_2_00007FF79967B580 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF79967B580
Source: C:\Users\user\Desktop\datasett.exe Code function: 6_2_00007FFE001743D0 _PyArg_ParseTuple_SizeT,GetUserNameW,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z,6_2_00007FFE001743D0
Source: C:\Users\user\Desktop\datasett.exe Code function: 0_2_00007FF799694E20 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF799694E20
Source: C:\Users\user\Desktop\datasett.exe Code function: 6_2_00007FFE00177A20 _PyArg_ParseTuple_SizeT,GetVersion,_Py_BuildValue_SizeT,6_2_00007FFE00177A20
Source: C:\Users\user\Desktop\datasett.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Users\user\Desktop\datasett.exe Code function: 1_2_00007FFDFAFC2B5D bind,WSAGetLastError,1_2_00007FFDFAFC2B5D
Source: C:\Users\user\Desktop\datasett.exe Code function: 6_2_00007FFDFA6D2B5D bind,WSAGetLastError,6_2_00007FFDFA6D2B5D
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 12 Process Injection | 1 Masquerading | 11 Input Capture | 2 System Time Discovery | Remote Services | 11 Input Capture | 22 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | 1 Native API | 11 Bootkit | 1 Scheduled Task/Job | 12 Process Injection | LSASS Memory | 31 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | 1 Account Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Bootkit | LSA Secrets | 1 System Owner/User Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Timestomp | Cached Domain Credentials | 1 System Network Configuration Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 2 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 26 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
[Behavior graph, ID 1580468. Sample: datasett.exe; Startdate: 24/12/2024; Architecture: WINDOWS; Score: 76. Two datasett.exe processes each drop win32event.pyd, win32api.pyd, unicodedata.pyd and 44 other files (none is malicious) and each start a child datasett.exe. One child contacts iplogger.org (104.26.3.46, 443, 49731, CLOUDFLARENETUS, United States) and starts cmd.exe, which starts conhost.exe and schtasks.exe. Signatures shown: Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; AI detected suspicious sample; Contains functionality to infect the boot sector; Found pyInstaller with non standard icon; Potentially malicious time measurement code found; Uses schtasks.exe or at.exe to add and modify task schedules.]

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| datasett.exe | 34% | ReversingLabs | Win64.Adware.RedCap | |
| datasett.exe | 100% | Avira | TR/Redcap.xorcu | |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Common\en-US\sapi.dll.mui | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Common\sapi.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines\SR\en-US\srloc.dll.mui | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines\SR\spsreng.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines\SR\spsrx.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines\SR\srloc.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines\TTS\MSTTSEngine.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\Engines\TTS\MSTTSLoc.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\SPTIP.DLL | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\SpeechUX.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\SpeechUXPS.DLL | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\SpeechUXWiz.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\en-US\SpeechUX.dll.mui | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\en-US\SpeechUXRes.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\en-US\SpeechUXWiz.exe.mui | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\en-US\sapi.cpl.mui | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\en-US\speechuxcpl.dll.mui | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\ru-RU\SpeechUX.dll.mui | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\ru-RU\SpeechUXWiz.exe.mui | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\ru-RU\speechuxcpl.dll.mui | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\sapi.cpl | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI50522\Speech\SpeechUX\speechuxcpl.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI50522\VCRUNTIME140.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI50522\VCRUNTIME140_1.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI50522\__init__.py | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI50522\_bz2.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI50522\_ctypes.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI50522\_decimal.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI50522\_hashlib.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI50522\_lzma.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI50522\_queue.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI50522\_socket.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI50522\_ssl.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI50522\_uuid.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI50522\charset_normalizer\md.cp39-win_amd64.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI50522\charset_normalizer\md__mypyc.cp39-win_amd64.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI50522\libcrypto-1_1.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI50522\libffi-7.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI50522\libssl-1_1.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI50522\pyarmor_runtime.pyd | 4% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI50522\pyarmor_runtime_000000\pyarmor_runtime.pyd | 4% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI50522\python39.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI50522\pywin32_system32\pywintypes39.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI50522\select.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI50522\unicodedata.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI50522\win32api.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI50522\win32event.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Common\en-US\sapi.dll.mui | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Common\sapi.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines\SR\en-US\srloc.dll.mui | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines\SR\spsreng.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines\SR\spsrx.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines\SR\srloc.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines\TTS\MSTTSEngine.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\Engines\TTS\MSTTSLoc.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\SPTIP.DLL | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\SpeechUX.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\SpeechUXPS.DLL | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\SpeechUXWiz.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\en-US\SpeechUX.dll.mui | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\en-US\SpeechUXRes.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\en-US\SpeechUXWiz.exe.mui | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\en-US\sapi.cpl.mui | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\en-US\speechuxcpl.dll.mui | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\ru-RU\SpeechUX.dll.mui | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\ru-RU\SpeechUXWiz.exe.mui | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\ru-RU\speechuxcpl.dll.mui | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI68642\Speech\SpeechUX\sapi.cpl | 0% | ReversingLabs | | |
No Antivirus matches
No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| http://ocsp.accv.ese | 0% | Avira URL Cloud | safe | |
| http://ocsp.digif | 0% | Avira URL Cloud | safe | |
| https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warningspf | 0% | Avira URL Cloud | safe | |
| http://ocsp.digi | 0% | Avira URL Cloud | safe | |
| http://www.robotstxt.org/norobots-rfc.txt | 0% | Avira URL Cloud | safe | |
| http://repository.swisssign.com/a | 0% | Avira URL Cloud | safe | |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| iplogger.org | 104.26.3.46 | true | false | | high |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| http://google.com/ | datasett.exe | false | | high |
| https://mahler:8092/site-updates.py | datasett.exe | false | | high |
| http://crl.securetrust.com/SGCA.crl | datasett.exe | false | | high |
| https://api.telegram.org/bot | datasett.exe | false | | high |
| http://.../back.jpeg | datasett.exe | false | | high |
| https://www.python.org/download/releases/2.3/mro/. | datasett.exe | false | | high |
| https://github.com/mhammond/pywin32 | datasett.exe, win32api.pyd.0.dr, win32api.pyd.5.dr | false | | high |
| https://httpbin.org/post | datasett.exe | false | | high |
| http://crl.dhimyotis.com/certignarootca.crl0 | datasett.exe | false | | high |
| http://ocsp.digif | datasett.exe | false | Avira URL Cloud: safe | unknown |
| https://github.com/Ousret/charset_normalizer | datasett.exe | false | | high |
| http://ocsp.accv.ese | datasett.exe | false | Avira URL Cloud: safe | unknown |
| http://www.firmaprofesional.com/cps0 | datasett.exe | false | | high |
| http://www.accv.es/legislacion_c.htm9hxj | datasett.exe | false | | high |
| https://python.org/dev/peps/pep-0263/ | datasett.exe | false | | high |
| https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py# | datasett.exe | false | | high |
| https://github.com/urllib3/urllib3/issues/2920 | datasett.exe | false | | high |
| http://crl.securetrust.com/SGCA.crl0 | datasett.exe | false | | high |
| https://yahoo.com/ | datasett.exe | false | | high |
| http://crl.securetrust.com/STCA.crl0 | datasett.exe | false | | high |
| https://tools.ietf.org/html/rfc2388#section-4.4 | datasett.exe | false | | high |
| https://iplogger.org/Drop8VbLink | datasett.exe | false | | high |
| https://pastebin.com/raw/uUbM2VAB__path__ | datasett.exe | false | | high |
| http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6 | datasett.exe | false | | high |
| http://repository.swisssign.com/a | datasett.exe | false | Avira URL Cloud: safe | unknown |
| http://crl.thawte.com/ThawteTimestampingCA.crl0 | datasett.exe | false | | high |
| https://html.spec.whatwg.org/multipage/ | datasett.exe | false | | high |
| https://iplogger.org/Drop8otstuk | datasett.exe | false | | high |
                                                      http://www.quovadisglobal.com/cps0datasett.exe, 00000001.00000002.2912643746.000001CA10F31000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        high
                                                        http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crldatasett.exe, 00000001.00000002.2912355486.000001CA10AE3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          high
                                                          https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warningsdatasett.exe, 00000001.00000002.2913158600.000001CA11190000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1757734662.0000028850BB0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                            high
                                                            http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0datasett.exe, 00000001.00000002.2913343331.000001CA113D9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              high
                                                              https://pastebin.com/raw/fn5bRN1Fdatasett.exe, 00000001.00000002.2912481776.000001CA10B80000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756812067.00000288505A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                high
                                                                https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963datasett.exe, 00000001.00000002.2913023346.000001CA11070000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1757610535.0000028850A90000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                  high
                                                                  https://requests.readthedocs.iodatasett.exe, 00000006.00000002.1758039593.0000028850E10000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1755865343.000002884E32B000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753742679.000002884E325000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754885711.000002884E32A000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753458207.000002884E30D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    high
                                                                    http://crl.dhimyotis.com/certignarootca.crldatasett.exe, 00000001.00000002.2913343331.000001CA113D9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      high
                                                                      http://curl.haxx.se/rfc/cookie_spec.htmldatasett.exe, 00000001.00000002.2913296015.000001CA112C0000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1757849481.0000028850CE0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                        high
                                                                        http://ocsp.accv.esdatasett.exe, 00000001.00000002.2913343331.000001CA113D9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          high
                                                                          http://crl.xrampsecurity.com/XGCA.crlerrdatasett.exe, 00000001.00000002.2912355486.000001CA10A40000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            high
                                                                            http://repository.swisssign.com/datasett.exe, 00000001.00000002.2912643746.000001CA10F31000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2912643746.000001CA10E85000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              high
                                                                              http://json.orgdatasett.exe, 00000006.00000003.1754572349.00000288508EB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxydatasett.exe, 00000001.00000002.2913193358.000001CA111D0000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1757764425.0000028850BF0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688datasett.exe, 00000001.00000003.1685920181.000001CA0EAB7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1684134076.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680369460.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680192150.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680524631.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683770842.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680684974.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2912089151.000001CA102F0000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680328707.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683979233.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683478506.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756225617.0000028850060000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://httpbin.org/getdatasett.exe, 00000006.00000002.1758008992.0000028850DD0000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756488404.0000028850470000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752290953.00000288508BE000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752999911.00000288504DD000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754572349.00000288508EB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://crl.xrampsecurity.com/XGCA.crldatasett.exe, 00000001.00000002.2912355486.000001CA10A40000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://github.com/urllib3/urllib3/issues/2920pdatasett.exe, 00000006.00000002.1757792500.0000028850C40000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://www.python.orgdatasett.exe, 00000001.00000002.2911883602.000001CA0EA2E000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1755865343.000002884E32B000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753742679.000002884E325000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754885711.000002884E32A000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753458207.000002884E30D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            http://www.robotstxt.org/norobots-rfc.txtdatasett.exe, 00000006.00000003.1754037534.0000028850461000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754075017.0000028850465000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754502410.000002885046D000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754328484.0000028850466000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756488404.0000028850470000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            unknown
                                                                                            https://pastebin.com/raw/uUbM2VABdatasett.exe, 00000001.00000002.2912481776.000001CA10B80000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756812067.00000288505A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              http://www.accv.es/legislacion_c.htm0Udatasett.exe, 00000001.00000002.2913343331.000001CA113D9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                http://ocsp.digidatasett.exe, 00000000.00000003.1670119905.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724313754.000001D3521D7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                • Avira URL Cloud: safe
                                                                                                unknown
                                                                                                https://wwww.certigna.fr/autorites/0mdatasett.exe, 00000001.00000002.2912643746.000001CA10F31000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2913343331.000001CA113D9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  http://ocsp.accv.es0datasett.exe, 00000001.00000002.2913343331.000001CA113D9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://ocsp.thawte.com0datasett.exe, 00000000.00000003.1669998758.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1724156433.000001D3521D7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://www.python.org/datasett.exe, 00000001.00000003.1685920181.000001CA0EAB7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1686004054.000001CA0EAF2000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2912355486.000001CA10A40000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752494608.00000288508E2000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754249502.00000288508EB000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752863410.00000288508EA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754753546.00000288508FE000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1743252369.000002884E3C0000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752290953.00000288508BE000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1743133519.000002884E3BC000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754572349.00000288508EB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/readerdatasett.exe, 00000001.00000003.1685920181.000001CA0EAB7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1684134076.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680524631.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680369460.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683770842.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680369460.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680315220.000001CA0EADF000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683979233.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680192150.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2911883602.000001CA0EA2E000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1684134076.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680524631.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683770842.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680684974.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680328707.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683979233.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2912355486.000001CA10A40000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 
00000001.00000003.1683478506.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680684974.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683478506.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754037534.0000028850461000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://api.ipify.org?format=jsondatasett.exe, 00000001.00000002.2912481776.000001CA10B80000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756812067.00000288505A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://httpbin.org/datasett.exe, 00000006.00000003.1752439883.000002884E347000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://www.python.org/dev/peps/pep-0205/datasett.exe, 00000000.00000003.1678160567.000002CBEB848000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2912516810.000001CA10BD0000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000005.00000003.1736245775.000001D3521D8000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756885684.00000288505F0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://wwww.certigna.fr/autorites/datasett.exe, 00000001.00000002.2913343331.000001CA113D9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://twitter.com/datasett.exe, 00000001.00000002.2912355486.000001CA10AE3000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2912643746.000001CA10D90000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1757421956.0000028850946000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1751322552.0000028850944000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753093881.000002884E39C000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752290953.0000028850944000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1751322552.0000028850955000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752786045.0000028850945000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753256581.0000028850946000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752439883.000002884E347000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://www.quovadisglobal.com/cpsdatasett.exe, 00000001.00000002.2912643746.000001CA10F31000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535datasett.exe, 00000001.00000002.2912355486.000001CA10AE3000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2912643746.000001CA10D90000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1755081662.0000028850539000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1746858969.00000288504DD000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1755383513.0000028850539000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753649523.000002885088E000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756677827.0000028850539000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752944599.0000028850874000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752759804.0000028850537000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sydatasett.exe, 00000001.00000003.1685920181.000001CA0EAB7000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1684134076.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680524631.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680369460.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683770842.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680369460.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680315220.000001CA0EADF000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683979233.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680192150.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2911883602.000001CA0EA2E000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1684134076.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680524631.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683770842.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680684974.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680328707.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683979233.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000002.2912355486.000001CA10A40000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 
00000001.00000003.1683478506.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1680684974.000001CA0EAA9000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000001.00000003.1683478506.000001CA0EADA000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1754037534.0000028850461000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://google.com/datasett.exe, 00000006.00000003.1753256581.0000028850946000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752439883.000002884E347000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752290953.00000288508BE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://google.com/mail/datasett.exe, 00000006.00000003.1754433045.000002884E3C1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://google.com/mail/datasett.exe, 00000001.00000002.2912355486.000001CA10AE3000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1757216796.00000288508C0000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752290953.00000288508BE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://crl.securetrust.com/STCA.crldatasett.exe, 00000001.00000002.2912355486.000001CA10A40000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://wwwsearch.sf.net/):datasett.exe, 00000001.00000002.2913343331.000001CA113A0000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1757339264.0000028850934000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1752290953.0000028850924000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1753139716.0000028850932000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1755344880.0000028850934000.00000004.00000020.00020000.00000000.sdmp, datasett.exe, 00000006.00000003.1751520665.0000028850915000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://ipinfo.io/datasett.exe, 00000001.00000002.2912481776.000001CA10B80000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756812067.00000288505A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://pastebin.com/raw/C1vS7y2Xdatasett.exe, 00000001.00000002.2912481776.000001CA10B80000.00000004.00001000.00020000.00000000.sdmp, datasett.exe, 00000006.00000002.1756812067.00000288505A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0datasett.exe, 00000001.00000002.2913343331.000001CA113D9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://www.accv.es/legislacion_c.htmdatasett.exe, 00000001.00000002.2913343331.000001CA113D9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
IP:104.26.3.46
Domain:iplogger.org
Country:United States
ASN:13335
ASN Name:CLOUDFLARENETUS
Malicious:false
                                                                                                                                                                    Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                    Analysis ID:1580468
                                                                                                                                                                    Start date and time:2024-12-24 16:46:07 +01:00
                                                                                                                                                                    Joe Sandbox product:CloudBasic
                                                                                                                                                                    Overall analysis duration:0h 9m 45s
                                                                                                                                                                    Hypervisor based Inspection enabled:false
                                                                                                                                                                    Report type:full
                                                                                                                                                                    Cookbook file name:default.jbs
                                                                                                                                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                    Number of analysed new started processes analysed:11
                                                                                                                                                                    Number of new started drivers analysed:0
                                                                                                                                                                    Number of existing processes analysed:0
                                                                                                                                                                    Number of existing drivers analysed:0
                                                                                                                                                                    Number of injected processes analysed:0
                                                                                                                                                                    Technologies:
                                                                                                                                                                    • HCA enabled
                                                                                                                                                                    • EGA enabled
                                                                                                                                                                    • AMSI enabled
                                                                                                                                                                    Analysis Mode:default
                                                                                                                                                                    Analysis stop reason:Timeout
                                                                                                                                                                    Sample name:datasett.exe
                                                                                                                                                                    Detection:MAL
                                                                                                                                                                    Classification:mal76.evad.winEXE@11/104@1/1
                                                                                                                                                                    EGA Information:
                                                                                                                                                                    • Successful, ratio: 100%
                                                                                                                                                                    HCA Information:Failed
                                                                                                                                                                    Cookbook Comments:
                                                                                                                                                                    • Found application associated with file extension: .exe
                                                                                                                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                                                                                    • Excluded IPs from analysis (whitelisted): 20.12.23.50, 13.107.246.63
                                                                                                                                                                    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                    • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                                    • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                    • VT rate limit hit for: datasett.exe
Time:15:47:01
Type:Task Scheduler
Description:Run new task: VirboUpd path: C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):16384
                                                                                                                                                                                    Entropy (8bit):3.560212102277829
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:192:4LEUt5t468Uq0voq3qv/DX0k8QtrutqGW9uJq/6kqHt8NZrzW0NWL:qd8r026yruBW9VUt0ZrzW0NWL
                                                                                                                                                                                    MD5:4D5B570C6A43917B52741B707341FDDA
                                                                                                                                                                                    SHA1:010A9C83255E9271154280418BF601F975430DD9
                                                                                                                                                                                    SHA-256:809AB1C72338B01C0DE9D7367E2763FCA896E0F6EC7E833F45DE45C3BC033134
                                                                                                                                                                                    SHA-512:4A7767152DBF40F41F0CB7399E3040DA4AE4D33D2204468EC0DDC0CA9B60F3424E7DD489463AB227584DA31DB550537140E980B271B8D2F434265B3627971729
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):1569792
                                                                                                                                                                                    Entropy (8bit):6.1201506655739
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:24576:7l085rs7VUKi682+npiLP82fIyL0/PcioZ:7qwsk1KLP82fI
                                                                                                                                                                                    MD5:F977B1ED7C926A23C9993E0CD9822B8E
                                                                                                                                                                                    SHA1:A90AB8D7D7F4C54829700700B210B17D63BA1F4D
                                                                                                                                                                                    SHA-256:958A63EFC1D059A3F8699B6A2AE1D59A1898F948A7819CC886A946F1C0E6496F
                                                                                                                                                                                    SHA-512:AEB28D8A69C7734F25DFF71B2715512122573EE05014A543054C8F79B8FD78E132BC1184069D7534F3073B121ADD245BDAC2AE7900E0637E1B8D3536E586F3C9
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                                    Entropy (8bit):3.5855334678640385
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:48:y+3B1xI/cY2gFQK44asIFOFYQaEVKZWPTHzawuGZ/AK5WwZHV:DUcYj2UOWPTuZUHWwb
                                                                                                                                                                                    MD5:311C1AE96CA16A1F9C0F4857AB81BD2F
                                                                                                                                                                                    SHA1:2FC721FD5E5CEDE54C6B598D0F473D61EB31F830
                                                                                                                                                                                    SHA-256:F57D453C82D5CEEB269E28961241C5F027EC17F65E6D1E8A45229471DBB5476F
                                                                                                                                                                                    SHA-512:EDB5961D57FD5C77CB57E1CDDE945BDF9C3A4753B96EDBAD6F890337BA9D32E29B80F94850593B3F08BAC4B5C1BCAF2B9FF8C4A891204C4720AE4A939EF39825
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):1073152
                                                                                                                                                                                    Entropy (8bit):6.650667849531351
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:24576:fAGx/PfINLsVkWOur35TgkvUnHNyop+1BwBBH:fBPgBHur356z
                                                                                                                                                                                    MD5:FC3F513DBFA7AE54EF4E3498D9E9784B
                                                                                                                                                                                    SHA1:3F29B2C3E1E34D3062B17525669CD3B6F82961A2
                                                                                                                                                                                    SHA-256:67DF7281CE98F247F25427232785A8D651472E21488BF2CB4AB57CBAAB7BE016
                                                                                                                                                                                    SHA-512:D9594815B4A71BA70E16AA26317D7C8D93171EF958F824FA99AB9F8EE15885940D44D47334A6CF4668BDD27C10B3044DB131D841ACAD631869E9D3853775F2CC
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):105472
                                                                                                                                                                                    Entropy (8bit):5.961405979583004
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:HGvgUUbeZWCkPhh7rnrwwFQIgplqiOPRcuwtB9N6f:mvgD7rnVQIgpl16otB9
                                                                                                                                                                                    MD5:F3A75622E931E20DFFD1DAA951D71F39
                                                                                                                                                                                    SHA1:B94BB09EB306B88972397B8AF555623F0655F086
                                                                                                                                                                                    SHA-256:7B8F98BE4BD2145E4E1E4C71C6D2A1B789C6810F0582209502F4666A035B41C1
                                                                                                                                                                                    SHA-512:6222714A9F2F37CB58577EDE6D8246C528488D878830313D3D84372F1DCE8C5B79CEF99C4AC5CF229F2366663F1BB1DC7B8855DCD234426CFA202E32A08E8330
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):486400
                                                                                                                                                                                    Entropy (8bit):6.223693489277457
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:12288:eQnZiz8HurXkIvbEoQwHG7jeCYtpEo7Tf:eQn/urXzzEtNopH7T
                                                                                                                                                                                    MD5:29BB9B5D6EFA4A639759E59641AA5821
                                                                                                                                                                                    SHA1:DC6E55DDB6F5C5061F48238E4AEC290E26EC7804
                                                                                                                                                                                    SHA-256:F373673D34CC74F76F8C951B664589845B9DD82C939F6973C67E8FFF7D6F9840
                                                                                                                                                                                    SHA-512:5E9D38856FA39F7F9221BCA2C9FDB72E62590D9544E9446CD76AD983FD4454885E52DACCFE8E1A71F1CBEAAC1BA23E981B051FB89819532698AF0AA20E15D65E
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):1011072
                                                                                                                                                                                    Entropy (8bit):6.305825051822925
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:24576:60Ys17BeFoRnCANrxjmao8OC7VM5s4sJQ10c1pSCLiXt3juk1vcMmLglSuCJ:ldF8FCCyrxjmatrV0sQ0cKmQBTM1
                                                                                                                                                                                    MD5:F9512C058964F125C0C0883C0CCA225E
                                                                                                                                                                                    SHA1:F5BE9E7DECF8A6BFAD3411FF8AE15E8F40405215
                                                                                                                                                                                    SHA-256:41CE9B38D03E80088A744C13229CAB4BC4CC9FBCF60C0E553A8E66EA8F9B07A4
                                                                                                                                                                                    SHA-512:1CE62154B0DBB0C4C55F7BD87C97877FEBD2CE59F8FACFB2C10D38F7F0968D3350B279A6D6853E71097093728120415DFDCE54D169819A789CA65A6A453A639D
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):521728
                                                                                                                                                                                    Entropy (8bit):5.26816086887833
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:6144:ZhyW3FrJhNl7y10hwkxJ7HNfS3GtsLtQNnzs4G8thhqsNYcoCfgISw:KW3F1Xl7ykxxt94b2hhqKYcngIS
                                                                                                                                                                                    MD5:40EB1F198A18021833E65A076955B03C
                                                                                                                                                                                    SHA1:730F666A44942AD4BA59C69948036C57B5DB9827
                                                                                                                                                                                    SHA-256:4ED0E11DF812CD586423182568E2F28B3DBA92F85B5FDA68351BF97468083079
                                                                                                                                                                                    SHA-512:70C9514587B81EE9A744234F5A5AFA1FBADB1DF4E457D7A47B304736240B60320B330A655F7A9F907247A049C134B3B488AF9898ACE8263026F83C745006DD35
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):159232
                                                                                                                                                                                    Entropy (8bit):6.141294435501823
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:wFp5C2mYK1JVOaFXlEbfIfhvIAG7+lyXOzt+ikzN:kp5CasO+1EjIfhvI/eyXy52N
                                                                                                                                                                                    MD5:C4D73A4379E6F55F698532ECBC9579BE
                                                                                                                                                                                    SHA1:FB53B40E6BEC2AEBB0BA97D86FE1D3C7CCE94D94
                                                                                                                                                                                    SHA-256:683F604AD40AB82382809D75595F734B672FAC75E1E8EF63C94683D11C848D6D
                                                                                                                                                                                    SHA-512:1AF8F089F4CCB67ADAB896AB7C0B23D69D3BEEB493E719FBEF55B507295CCDA7E7343D59504102433D02EA800C7FDEDFECE4252C36514537C52BD35FC067E8E4
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):1453568
                                                                                                                                                                                    Entropy (8bit):6.7106066470226216
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:24576:lwcdUsNWUncNv/WwMri3RtZDJK3e86Lq2i1Sj57nyTTHmdR9adKn0ox8oLg:lrOsNtme5yPAe8GVjlnwy0dM0QLg
                                                                                                                                                                                    MD5:6BFEF5D4BA0C93C0BCE2593BAC58015C
                                                                                                                                                                                    SHA1:B03839587DC0CAD96277E0621850D6B151CF90A6
                                                                                                                                                                                    SHA-256:A7E2602CE3D1093712D316497D887D0C97A9738EDC026726055BF07572D84099
                                                                                                                                                                                    SHA-512:EDECCB0697F8CD7EAAF6E96AF783B328278AA53C02CF08A64403C3D04738CD0DC0746B726ECD010023F17B07DCDD1EA8B6BB47F7C122BC413D5A977AF20B2810
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):36352
                                                                                                                                                                                    Entropy (8bit):4.477100896687311
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:TzcEP6TRUpPzapbW8ufOOqvWiMq4GDDKkVuOUSo3OWczkjUJl0azvOpI80Ygkuuc:7pEahYABZI0
                                                                                                                                                                                    MD5:DFEC0317A1EA262D948A18424B86C2BA
                                                                                                                                                                                    SHA1:25BC5196E6B47AA72B4F09752382FF2C860FF19B
                                                                                                                                                                                    SHA-256:9C58C0059F53CD8B796A56A8D3F585A001FD29A3037FE8393292F52DC6AC1944
                                                                                                                                                                                    SHA-512:522E0FD4788CF0AE5EFE2312C7599D77474E4F54FDB5AC34757091A7ABE13564EE7560E6E83CC6E6417E31BBDF05CFC9A57C0BFFE2B21523F3062A43E9CF957F
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):465920
                                                                                                                                                                                    Entropy (8bit):6.881687311752545
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:12288:a7lb57GX8YbVe0TIrf8NbywLkRLgLBAgV:ul7Y82VLTIrfMy8oLg
                                                                                                                                                                                    MD5:02BCE04D6192EB6BC85A195E0187E707
                                                                                                                                                                                    SHA1:975ECD7E4D51DA13584F8453C9E4959FB94C0545
                                                                                                                                                                                    SHA-256:6FA424DDD31E80D679D987FD94FB2A35D8BBEAD7F5F09404AF531B46DBAE85B6
                                                                                                                                                                                    SHA-512:F1B82D484867585E206A2D48B64791724ED9AAE57FE55FAE755A786BEE228482CB9CBC03B1E84CFA4D7FD5BBDA0F733FE9500C8303834E3B23FB89580F589733
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):77312
                                                                                                                                                                                    Entropy (8bit):3.9016462651552564
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:768:C12WsiBibFoTwLz7xk+9h67iKlpViTRFjwX42De1OODQ0Oxem2L+UypXkNNsLx7X:A9w0wLz7xk+9hYn1kylOoLKzmHu274e
                                                                                                                                                                                    MD5:00E741D6381CEF37CE3775365F8905B1
                                                                                                                                                                                    SHA1:686457F78C8BC1C40E9DDFD5F947CEF6A2BFACB8
                                                                                                                                                                                    SHA-256:D7677178E9E653C2EE56BB05153F710C089A0FDF4ACD61B227A7848316B3D5BE
                                                                                                                                                                                    SHA-512:3A22F9F56F616AB5A580F782A1168A16DA0AAF77EA28F2B6A782C4A050D89F2015BFA5616E257EE1A1ECB6B2D840EA90443591CE56EB3FB860D4A71F403D3522
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):78336
                                                                                                                                                                                    Entropy (8bit):2.8994243966977833
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:768:sW8dlm/JCz244BOtBax2EzNSO1kG9qgiwv3b5KdqpGj0eZk8RVp2I6WNqw4gGu:L8MCf4BOtBax2E8kMB05K0pGloWNqwc
                                                                                                                                                                                    MD5:2E186A7F6E00285CA1600F6EC0E6EC60
                                                                                                                                                                                    SHA1:BEACB51296F4D3A1444025627C38ABAF21ED4D4F
                                                                                                                                                                                    SHA-256:052B316586906985C7C372ECD28B497C3C5ED2A7BF9F08E49AB31003F479E4D8
                                                                                                                                                                                    SHA-512:08487991457593FE5BB30EDAD55DD672E83284B1C0B76CE54089BFAC3DD2DE00C05491EA49B6EA7A9FD975E6FB4DFC0F2C04A0F6A4DE5AC1973C0CC6FD547CBB
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):2560
                                                                                                                                                                                    Entropy (8bit):3.305745657724211
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:24:eH1GSAnmQxuWCp24Flaut0WIZW0R5w/aNuf3DA349DAlU35WWdPPYPNy0:yLyojFlaydIZWswUuPDn9D+K5WwHgp
                                                                                                                                                                                    MD5:C88E574480A4F42BBA617155D3B99729
                                                                                                                                                                                    SHA1:05C42F31E1FC4B9A09A4019BEE4722B82106F606
                                                                                                                                                                                    SHA-256:B16969B66A279BB0B771C8CCF0CDD2779797915B5590834B52976B884EA5F68A
                                                                                                                                                                                    SHA-512:BEEA0027E8DDE536D1285801B5FDFC9F4DF0AD6E5793314D8DB730D72E66A944487C633B3372DAA9E4F68BE7F7CF1DBEAD9899218D57A7B7C71977CECFFF4D8C
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):19456
                                                                                                                                                                                    Entropy (8bit):3.484662654723136
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:192:jnnwPzkyzJTEhzDlpS/aBaUR0DdoNRF8VadaoQSvDDpPndYvWvOWx:jc9TEpxpSC8Q0ZGg8DDpPndYvWvOWx
                                                                                                                                                                                    MD5:7877D3A5F4D32B379E8209BF9A6C00CE
                                                                                                                                                                                    SHA1:65A16A418DAA0A98D742A508C3E6D26B33710960
                                                                                                                                                                                    SHA-256:AA0B020843020224A9AED9D5BD9500668734CEF37BA787CECA0E10B02534C7FA
                                                                                                                                                                                    SHA-512:0DA65E319D7859B8A614E8B80D227890080F5EF6C10045E1B0DE6FB175D7E96E577EB012BE9156F1DE2EAA9CFE11F0B2B8284DEC167DEE6D6BEFF8DA5A204617
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):5632
                                                                                                                                                                                    Entropy (8bit):3.6343445557187257
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:96:W4wsQUC97naKzStnnL6YVU4Hcu/hrCZEWWFcWwUg:W4wP97naKEL6BSckhr/WwcWM
                                                                                                                                                                                    MD5:91FD2B37FC1D7756B3B6281A64A0E204
                                                                                                                                                                                    SHA1:F0CB018584E8E7D50AB006DDEFAD49656B279F32
                                                                                                                                                                                    SHA-256:B90215957B4A69B14694F0DEE7DD236B294B8F2881D11E9CDE13E30BD5128ABA
                                                                                                                                                                                    SHA-512:06263FD414D727808C5D4960B2530D963B3AA0C9B2C8FDEEFD5DE69C6E3F172D02DF22A2052968018953CBF75470EAEDCC8DAFC668739430D8B822AC99B18ADF
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):77312
                                                                                                                                                                                    Entropy (8bit):3.9024324035505042
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:768:j1WWAciBibFoTwLz7xk+9h67iKlpViTRFjwX42De1OODQ0Oxem2L+UypXkNNsLx8:xdl0wLz7xk+9hYn1kylOoLKzmHuJL4e
                                                                                                                                                                                    MD5:3FB04397AD2245E5FECDD61301E0ABDB
                                                                                                                                                                                    SHA1:DBDAFFBCE34C5A7B5DDDE260B2DB4E81C225FF0F
                                                                                                                                                                                    SHA-256:B2AD0F7DC268B4371E41187547B4C8D6BEB990A37B43A1257295FDFAD6D37C18
                                                                                                                                                                                    SHA-512:523AA4587EA744128EE56D83E06777B3AABAFF18CA352ADB257C964C219B770E5A03F58F6C6DA46AEF62F20DB42F3A0682847E07FDF7E382C2BB0A1D43C67A31
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):2560
                                                                                                                                                                                    Entropy (8bit):3.308058071761624
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:24:eH1GSAW5mQxeWCp24Fu1Laut0WbZW0R5w/aNuf3DA349DAlU35WWdPPYPNyk:yyy4jFKLaydbZWswUuPDn9D+K5WwHg5
                                                                                                                                                                                    MD5:D246DC71694598FCE6026321BB692133
                                                                                                                                                                                    SHA1:B8D79EFFD6682DA2DAFE06DC28831F614DD34247
                                                                                                                                                                                    SHA-256:980CF034A8E6B7AF0224AA945EA37FCDCD2D42A30FF8D37DC60CB38E7C10E275
                                                                                                                                                                                    SHA-512:D522573112A3227E66573A60E6E2F7C83D6857310F3ECBB0D0A8BB89478ECFC881E9580FF458945FFB564AEA36DB9B78EE5D1FED2DF4D24BAAB8FB9D1A87C399
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):5632
                                                                                                                                                                                    Entropy (8bit):4.144916424063844
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:48:yBtMmAKmq55Y87oLH+P3Jehyi0DRM/L+hg+OSjwGaauNee28bZWxJuT+3Bzdb+ft:sBz5m+PZkyXDIL+jEpek9Wl3BzukU
                                                                                                                                                                                    MD5:FB407D2CBDC6F7C035AC2D1E72CAC0CA
                                                                                                                                                                                    SHA1:1352FC6CF552001253DCCEB1CE380FE637496755
                                                                                                                                                                                    SHA-256:2D0AACB594AC744F32F3701C17B911E845B3D51F583E9903F513C705811BB08F
                                                                                                                                                                                    SHA-512:2A65E36CCAEA2C266DB5B324832E285832F97C53916AAA7E2C5089B93571DAC57C1FE02698228EE9A926E0524BFB6E0CD43734FAA9A48BD1BAD2888CF94D2A4F
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):242176
                                                                                                                                                                                    Entropy (8bit):6.676508342306661
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:6144:sU3hZm7vF5qXHgWGQjof9jK57wz/k4KqugbPXU4AgV8:s2hZmj8c4wLkRLgLBAgV
                                                                                                                                                                                    MD5:2BBBD624B2A736A3806D00280DF1AD3E
                                                                                                                                                                                    SHA1:CF3D04FD61427BD8DC90327B14DB889A3316FED5
                                                                                                                                                                                    SHA-256:39BD24863FBB18FF7B14838E8062CAD91286A04550BA405B17E16D82759E23F0
                                                                                                                                                                                    SHA-512:2D8E2A8EF8195026C87E2FF0351D6BCA7EC32D66197CC9A379974FE1CFCAEB20691FCD23F5F0FBD489A4015858E6D0E6B6B0CE3A871F6EBACBAD6CFAC1DD8B59
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):456704
                                                                                                                                                                                    Entropy (8bit):6.279275444299788
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:6144:DHn92Fa74KFycUY6Qwz/k4KqugbPXU4AgV8CCQ4Vb4XURS9Z8DdkTniNnB0OF5O:DH92Fa776QwLkRLgLBAgV7QSjkF5O
                                                                                                                                                                                    MD5:59149DF9B45EADCBDD38A2352935EB63
                                                                                                                                                                                    SHA1:7BAAE44743F096616A843BDDD12869641AA969A6
                                                                                                                                                                                    SHA-256:397550185BCAFA2E46C05DD462C4E8C750E0AC60F896C9EA43493210A9BD7BA2
                                                                                                                                                                                    SHA-512:FB8488472DA20A5FDE2A82C17D9202603BC893B4A55AAF51C91DD87261D9859C845ADC4435E13AA23B4A73473B008CDD1EE7F1EBDD9EDEDEC118254CB664B796
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):97168
                                                                                                                                                                                    Entropy (8bit):6.424686954579329
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:yKHLG4SsAzAvadZw+1Hcx8uIYNUzU6Ha4aecbK/zJZ0/b:yKrfZ+jPYNz6Ha4aecbK/FZK
                                                                                                                                                                                    MD5:A87575E7CF8967E481241F13940EE4F7
                                                                                                                                                                                    SHA1:879098B8A353A39E16C79E6479195D43CE98629E
                                                                                                                                                                                    SHA-256:DED5ADAA94341E6C62AEA03845762591666381DCA30EB7C17261DD154121B83E
                                                                                                                                                                                    SHA-512:E112F267AE4C9A592D0DD2A19B50187EB13E25F23DED74C2E6CCDE458BCDAEE99F4E3E0A00BAF0E3362167AE7B7FE4F96ECBCD265CC584C1C3A4D1AC316E92F0
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):37240
                                                                                                                                                                                    Entropy (8bit):6.3017272133584585
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:5GnvMCmWEyhUcSLt5a9k6KrOE5fY/ntz5txWE6Wc+XfbRuncS74G5WreKWn14gHc:rCm5yhUcwrHY/ntTxT6ovq7nt+dN
                                                                                                                                                                                    MD5:37C372DA4B1ADB96DC995ECB7E68E465
                                                                                                                                                                                    SHA1:6C1B6CB92FF76C40C77F86EA9A917A5F854397E2
                                                                                                                                                                                    SHA-256:1554B5802968FDB2705A67CBB61585E9560B9E429D043A5AA742EF3C9BBFB6BF
                                                                                                                                                                                    SHA-512:926F081B1678C15DC649D7E53BFBE98E4983C9AD6CCDF11C9383CA1D85F2A7353D5C52BEBF867D6E155FF897F4702FC4DA36A8F4CF76B00CB842152935E319A6
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):103
                                                                                                                                                                                    Entropy (8bit):4.7776012320135814
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:SDXnlvJI1VJ9uoXSPVSfQQDaIFLVd6eOFJi9cr6yn:SzlRFKSPVS9DaIFLVd6p6986yn
                                                                                                                                                                                    MD5:7F36C3A1229DC69716EEE499EC320A45
                                                                                                                                                                                    SHA1:56108D0F028BC700971660C860896D38498273D1
                                                                                                                                                                                    SHA-256:FF1C7CC1A542A71F0C643A90263E4C2A2508C1BF1E444D307720CCF00AEAC0ED
                                                                                                                                                                                    SHA-512:C8154A7E9FDDD2F56C44FE6195D88E40BF2222AD45371E5AAF8562D7942A2ACC5D4047DADC53799D1DC8C7FEECA79C7A0841421CE703BFCA55D9A38FADB021A0
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Preview:# Pyarmor 8.4.6 (trial), 000000, 2024-05-12T12:07:32.837794..from .pyarmor_runtime import __pyarmor__..
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:python 3.9 byte-compiled
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):216
                                                                                                                                                                                    Entropy (8bit):4.722399012935214
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:wtLel0VlG1/QlZfQv+21j+66rX2eOX1OxpMBXnUXo37eO+VV/VOMLkcqMX:QO0e1/QC1v6j2pl+MeXwpenJX
                                                                                                                                                                                    MD5:95A763554322BCAB07C9FEC78B85FA80
                                                                                                                                                                                    SHA1:C674D621F5B5FCD1E9181C850C6FA7B795649B49
                                                                                                                                                                                    SHA-256:D1113ABB8FE3AEDB22358C9F4FA06E76858733027A2AFF98ED520C11976B0A70
                                                                                                                                                                                    SHA-512:36ABC6820114CA4E9F7E2E4714AD50ECC787C3C6B81C1C89FC8E26627642D9A456B34F4C6583D618A13B1AE8676E343E8D03196EAA2F471DEF036B009F6B3DEA
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:a.......t.Afg........................@...s....d.d.l.m.Z...d.S.)......)...__pyarmor__N).Z.pyarmor_runtimer......r....r.....JD:\00Th\1 Steal\Droper\Drop8\dist830512\pyarmor_runtime_000000\__init__.py..<module>.........
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):86984
                                                                                                                                                                                    Entropy (8bit):6.449825326118893
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:7BVEz7G6jRTRdDsyKzogNC1Ue3FFwOl8lOP1ipVI5tV/7SyIwV:t6znFihztuUe3sOKlg1ipVI5tV/eW
                                                                                                                                                                                    MD5:7F2BBA8A38712D00907F6E37F0CE6028
                                                                                                                                                                                    SHA1:E22227FC0FD45AFDCF6C5D31A1CEBFFEE22DFC32
                                                                                                                                                                                    SHA-256:CD04EBE932B2CB2FD7F01C25412BDDD77B476FA47D0AFF69A04A27D3BFE4B37B
                                                                                                                                                                                    SHA-512:CA46CEAF1B6683E6D505EDBE33B1D36F2940A72FC34F42FA4AA0928F918D836803113BF9A404657EC3A65BC4E40ED13117AD48457A048C82599DB37F98B68AF0
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):127432
                                                                                                                                                                                    Entropy (8bit):5.943754325028008
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:ys51kM2JpMk49dWZKrcsaIopJfrZquAAIZI5QP1y:tnkMoOwCcDfrZgAIg
                                                                                                                                                                                    MD5:38D9D8ED2B7DF64790150A2A523FD3B9
                                                                                                                                                                                    SHA1:A629C8E76136FA5678C758351E2DCFF5324F51E7
                                                                                                                                                                                    SHA-256:11DAEF02AFE45D9F3987BAB5C2B6EF75B2B6F6F79704C45675D532F090F14B8B
                                                                                                                                                                                    SHA-512:7A37A98BB9824680E3F0030E0DB795F9EAB1CC4D2B6605E4F6C37D432B4DE0642481DD7B6C6F0E53264F2D940B4800555AB0D84145D7DE35F4A65A26CA100FE8
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):272328
                                                                                                                                                                                    Entropy (8bit):6.531650091351777
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:6144:PSYgOVbBi7eTDJWMccBp0hyQLM1A5h7329qWMa3pLW1AvxzfDbNSQ:1Bi7eTtdbIZLtpUhSQ
                                                                                                                                                                                    MD5:1139CC9D936B6028305749568EC5CAC7
                                                                                                                                                                                    SHA1:8AEE810BC2CCFC3C36BEF6ED59B3826BB7070299
                                                                                                                                                                                    SHA-256:67A47D85CC1A21069610C85DA64FC031231D43AF7876DFC48361C57D88EFEE0B
                                                                                                                                                                                    SHA-512:1DD4CF64D51A4D9B9F35F1932428F92A3EF538DB62B503097A9DFC1940AFAE59B0D890ACA149A67FF1BD5D343D8E4F38CADD49065404E9CB2902F1ED6DBB754B
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):65480
                                                                                                                                                                                    Entropy (8bit):6.0825664613687085
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:V2UsyQLwkpuRYqVcXP7O9zozEDvZhjqNI55IE7Syj:V2gSP7QZhjqNI55IE1
                                                                                                                                                                                    MD5:75ED91D3B7A40ECA5B32A13B90191EAD
                                                                                                                                                                                    SHA1:320BD4B6116F735D8508382738E50BA8862B8029
                                                                                                                                                                                    SHA-256:202535A5CEB0BF70C2046639A3884C24F2CCCB1BD92827E61B5A7A663D9399BA
                                                                                                                                                                                    SHA-512:0EB81335C97842233751E7B4C0D6581ACCAF00A86F3E06FE35B2C80BD6BADF83A321EAF4A449A31238ED3F60AA09890769BF54775CD7EFD5112255842E1582C2
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):163784
                                                                                                                                                                                    Entropy (8bit):6.779442007393752
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:JaV4kBVeMMbwjQneCHPDLORDEWznfo9mNoPrL4rbVI5e1En:JaV4kBVHMKQZrUDEIwYOPwrb2
                                                                                                                                                                                    MD5:AD02EA81A127A401F4DF84C082F3CCE6
                                                                                                                                                                                    SHA1:9C6C851C52F331D17A33936C9AAD8DCEF2542709
                                                                                                                                                                                    SHA-256:4213FBB6936AD3EAC1E1BA28F10E15719176BC3A59FF01DDC6828DD7EEE52132
                                                                                                                                                                                    SHA-512:CDCCD9E5FFFC2A2836F7677985D63C0A8A90FC91F1D98A0F2355C11141E21ECD564BBBFBA87E717AC80F784A68B6F43430476FBD72CEC9820C691DF6612FFD16
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):30152
                                                                                                                                                                                    Entropy (8bit):6.179113434701911
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:73ZiJO6iUi3w2SW6A6rOuBvY3nhsXnnSZI57UrIYiSy1pCQLuhmhg:uO6Q3R6rOUQ2iZI57UUYiSyvUmhg
                                                                                                                                                                                    MD5:F9718FE21174D8428F022AAF60BF92DA
                                                                                                                                                                                    SHA1:DB7E85EAA7C795792050AF43D47518CA7FA7878A
                                                                                                                                                                                    SHA-256:95E1C419E08D8AB229B8C64D51FD301CD9D75A659DFC05E75B0317CA0A4F22E3
                                                                                                                                                                                    SHA-512:000929C994446F22E4F11A011C21B7401BBE8B3B1A624B80A4EEB818F94190B3DB2782B00E477E548814CAEA5234D4DE5A8A766D72365C26654D655EC4546BE3
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):80840
                                                                                                                                                                                    Entropy (8bit):6.16679379591815
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:GBCJoimjxvExWxAm9/s+++pJj1XmrpZxP4cZI5Qw47Syo:dai6lfAm9/sT+pbmrbjZI5Qw46
                                                                                                                                                                                    MD5:0A6C6FD7697E4C3757014FA6BF6DD615
                                                                                                                                                                                    SHA1:F14F79831B8B16A7B31F4C7F698317C023D446F9
                                                                                                                                                                                    SHA-256:A611E9B4F4E5FE67E945B771D79CF15C48441ECFA11CE186CEC9BF233DC20C0D
                                                                                                                                                                                    SHA-512:F5FCFEDE06F0F81229B946F803B6E292FD0C909191F3C2A82CA317FF7C2E08D1EA98AA2D11EC85EDD5449994A2A7C61318A15D47806CD761E25739494F3E18E6
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):156104
                                                                                                                                                                                    Entropy (8bit):5.936947272634989
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:7+W/EKFRXUxwSYQyDiyqoIpy07KhpGs2W74DH70NmHh4kwooSLteSdN1SGwVI5tB:7GKFRXUxrZyDHKehp9743DthN1SGw0
                                                                                                                                                                                    MD5:3BAF56D4E63A800FCAF2CC98FC120709
                                                                                                                                                                                    SHA1:2A33341EDA4B4549452B6DB9B259F8AE6EC9C806
                                                                                                                                                                                    SHA-256:D7610DD6BE63AADA4FE1895B64BBAC961840257C6988E1F68BBF3D8E486B5A45
                                                                                                                                                                                    SHA-512:E48899ED5581FE9F45C02219D62E0ACBC92906AF5B7A3B7D9BE1BB28B41F5CFDB0D3496ABC6D0C1A809BB80D2A49C5A456D34E4667995FB88EF8ACA6958881DD
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):24520
                                                                                                                                                                                    Entropy (8bit):6.177351750137684
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:oTcuByPxXyessB5XnkPrVI5ewOIYiSy1pCQvVFh6:owCiB50PrVI5ewDYiSyvnh6
                                                                                                                                                                                    MD5:EFAAB22452B7D55BD684F29D7DF015A0
                                                                                                                                                                                    SHA1:ED9A244F5CCE66B69FA275704BA8048C3956DB91
                                                                                                                                                                                    SHA-256:D8B97BD2D8D372B5B7675F5EC8A31A7F7D01AB36DD8C8273273B4C465B70C4E5
                                                                                                                                                                                    SHA-512:AF7E6535C8E0C540E0BE69A164C00FBF03C572FAEA871A377DB72937A8A54E015EA278FE8981D9A27DAF9BFC094AEEFD036E5B143C58B776AFE995D4B503790A
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):1038695
                                                                                                                                                                                    Entropy (8bit):5.492286183311183
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:24576:TK73vupwcosQNRs54PK4ItEVwHkfVExmFgBTUSCM:TK73vuecosQNRs54PK4ID+wTx
                                                                                                                                                                                    MD5:2E134828C303EDBF09DD29AD27DD4B8A
                                                                                                                                                                                    SHA1:F6D87842CB0273BCB5C62F457CE15F17F4AE1772
                                                                                                                                                                                    SHA-256:53322BCD7DB062B523F28DD68DBA06BBECB20421018F98E199B65D837B3517CE
                                                                                                                                                                                    SHA-512:C3115B060578ACC3AE414E94A60A4082FB069577B2D39BD897D463CB515BBAA033E0E21B1BCA3ED218A78C42D869A69352EA2E588CADE11AC26BE5444A3997B0
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):290282
                                                                                                                                                                                    Entropy (8bit):6.048183244201235
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:6144:QW1H/M8fRR1jplkXURrVADwYCuCigT/Q5MSRqNb7d8iu5Np:QWN/TRJLWURrI55MWavdF0L
                                                                                                                                                                                    MD5:302B49C5F476C0AE35571430BB2E4AA0
                                                                                                                                                                                    SHA1:35A7837A3F1B960807BF46B1C95EC22792262846
                                                                                                                                                                                    SHA-256:CF9D37FA81407AFE11DCC0D70FE602561422AA2344708C324E4504DB8C6C5748
                                                                                                                                                                                    SHA-512:1345AF52984B570B1FF223032575FEB36CDFB4F38E75E0BD3B998BC46E9C646F7AC5C583D23A70460219299B9C04875EF672BF5A0D614618731DF9B7A5637D0A
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):10752
                                                                                                                                                                                    Entropy (8bit):4.673140392808471
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:96:sh72HzA5iJGhU2Y0hQMsQJCUCLsZEA4elh2XQMtCFrHx0gzcX6g8cim1qeSju1:u2HzzU2bRYoexHXzcqgvimoe
                                                                                                                                                                                    MD5:D93AD224C10BA644F92232A7B7575E23
                                                                                                                                                                                    SHA1:4A9ABC6292E7434D4B5DD38D18C9C1028564C722
                                                                                                                                                                                    SHA-256:89268BE3CF07B1E3354DDB617CB4FE8D4A37B9A1B474B001DB70165BA75CFF23
                                                                                                                                                                                    SHA-512:B7D86ECD5A7372B92EB6C769047B97E9AF0F875B2B02CFF3E95D3E154EF03D6B9CF39CC3810C5ECA9FEA38FEA6201E26F520DA8B9255A35E40D6EC3D73BB4929
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):120320
                                                                                                                                                                                    Entropy (8bit):5.877090503831313
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:mYKj20ufpEMocaJX3kjtOvBRPLugqZGL5GF:ONdDKZGLW
                                                                                                                                                                                    MD5:B5692F504B608BE714D5149D35C8C92A
                                                                                                                                                                                    SHA1:62521C88D619ACFFF0F5680F3A9B4C043ACF9A1D
                                                                                                                                                                                    SHA-256:969196CD7CADE4FE63D17CF103B29F14E85246715B1F7558D86E18410DB7BBC0
                                                                                                                                                                                    SHA-512:364EB2157B821C38BDEED5A0922F595FD4EEAD18CEAB84C8B48F42EA49AE301AABC482D25F064495B458CDCB8BFAB5F8001D29A306A6CE1BBB65DB41047D8EA5
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:MS Windows icon resource - 1 icon, -128x-128, 32 bits/pixel
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):67646
                                                                                                                                                                                    Entropy (8bit):2.9877924081466984
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:768:76/22LIO5zUSFZGcj3TQip80U7YVhCUsmlqnrL8sRVzbEQwnOUwFxF9qgdTddRj+:eLVEB1e
                                                                                                                                                                                    MD5:B0FE457D80C766030BE3804E149F4A95
                                                                                                                                                                                    SHA1:32530E3AB0BBD5B22B0FC544FFE829709CAE02EC
                                                                                                                                                                                    SHA-256:1472F258F96FFDBB6B0E147260943599ABACDF6DF0DACE38ABAC9744D6B18590
                                                                                                                                                                                    SHA-512:EB704A2CB38F594B80EAEC2D1FDB9D5F9BB6FB04494799895CF12CB002205225983D5B217B19C61672BE43F9EFAD752F1726B0D62EB7A75777F3A893AD6BEC0A
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):3439512
                                                                                                                                                                                    Entropy (8bit):6.096012359425593
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:98304:kw+jlHDGV+EafwAlViBksm1CPwDv3uFfJ1:1slHDG2fwAriXm1CPwDv3uFfJ1
                                                                                                                                                                                    MD5:AB01C808BED8164133E5279595437D3D
                                                                                                                                                                                    SHA1:0F512756A8DB22576EC2E20CF0CAFEC7786FB12B
                                                                                                                                                                                    SHA-256:9C0A0A11629CCED6A064932E95A0158EE936739D75A56338702FED97CB0BAD55
                                                                                                                                                                                    SHA-512:4043CDA02F6950ABDC47413CFD8A0BA5C462F16BCD4F339F9F5A690823F4D0916478CAB5CAE81A3D5B03A8A196E17A716B06AFEE3F92DEC3102E3BBC674774F2
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):32792
                                                                                                                                                                                    Entropy (8bit):6.3566777719925565
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:2nypDwZH1XYEMXvdQOsNFYzsQDELCvURDa7qscTHstU0NsICwHLZxXYIoBneEAR8:2l0Vn5Q28J8qsqMttktDxOpWDG4yKRF
                                                                                                                                                                                    MD5:EEF7981412BE8EA459064D3090F4B3AA
                                                                                                                                                                                    SHA1:C60DA4830CE27AFC234B3C3014C583F7F0A5A925
                                                                                                                                                                                    SHA-256:F60DD9F2FCBD495674DFC1555EFFB710EB081FC7D4CAE5FA58C438AB50405081
                                                                                                                                                                                    SHA-512:DC9FF4202F74A13CA9949A123DFF4C0223DA969F49E9348FEAF93DA4470F7BE82CFA1D392566EAAA836D77DDE7193FED15A8395509F72A0E9F97C66C0A096016
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):698784
                                                                                                                                                                                    Entropy (8bit):5.533720236597082
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:12288:waXWJ978LddzAPcWTWxYx2OCf2QmAr39Zu+DIpEpXKWRq0qwMUxQU2lvz:dddzAjKnD/QGXKzpwMUCU2lvz
                                                                                                                                                                                    MD5:DE72697933D7673279FB85FD48D1A4DD
                                                                                                                                                                                    SHA1:085FD4C6FB6D89FFCC9B2741947B74F0766FC383
                                                                                                                                                                                    SHA-256:ED1C8769F5096AFD000FC730A37B11177FCF90890345071AB7FBCEAC684D571F
                                                                                                                                                                                    SHA-512:0FD4678C65DA181D7C27B19056D5AB0E5DD0E9714E9606E524CDAD9E46EC4D0B35FE22D594282309F718B30E065F6896674D3EDCE6B3B0C8EB637A3680715C2C
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):490927
                                                                                                                                                                                    Entropy (8bit):5.03059381086955
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:6144:kPM4sAhq8NRToFMC5B3YC6WWmO5NUjEeinQHBWW2d9KEaFvdBhhPh25dmNC+F:kPM4FC5FBWna5ik2dAFv/hueNC+F
                                                                                                                                                                                    MD5:F957DAA947E41003AFF3BE5285EF16A9
                                                                                                                                                                                    SHA1:0AF8277470EBB644C9110689E34676924A6B632E
                                                                                                                                                                                    SHA-256:BE9032D65E872891DB9722CB4ED28CCC2F176C84DD1455D0B313E3957B44B849
                                                                                                                                                                                    SHA-512:BEC4AA85F89F74C4BFF8F82C73890243635A4E6F6BE29063FF4E41F3035C97636B99E6F91CCF711F0B48A21555C4ED84400CBEE84152AA245BEF7C6396F11EC6
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):620032
                                                                                                                                                                                    Entropy (8bit):6.1916778134841906
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:12288:qTlIttemLwKXcuFdcj7fUoPHlttNynEGyEC:q5w/cuFdcj7fUoPHlttNynH
                                                                                                                                                                                    MD5:149DBFEB76B9F8F6B7DDDE1EAAC61118
                                                                                                                                                                                    SHA1:747DB9BF10E9231DEB2CB2619C5ECF89B7DB6232
                                                                                                                                                                                    SHA-256:1CEBFDD7C65B99DC6EE477BFAD9F236940EAA8C0383A90A68EE467D32411C01F
                                                                                                                                                                                    SHA-512:92BF3BF0A7E41CB06958E4AC23665E324A3220BFD49C2FAA366C9DD37E39F95770559F75285B38E3F15B0C8D5829D8BBBD7EA4ACD9F31A2CCBB53A428DA34FB4
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):620032
                                                                                                                                                                                    Entropy (8bit):6.1916778134841906
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:12288:qTlIttemLwKXcuFdcj7fUoPHlttNynEGyEC:q5w/cuFdcj7fUoPHlttNynH
                                                                                                                                                                                    MD5:149DBFEB76B9F8F6B7DDDE1EAAC61118
                                                                                                                                                                                    SHA1:747DB9BF10E9231DEB2CB2619C5ECF89B7DB6232
                                                                                                                                                                                    SHA-256:1CEBFDD7C65B99DC6EE477BFAD9F236940EAA8C0383A90A68EE467D32411C01F
                                                                                                                                                                                    SHA-512:92BF3BF0A7E41CB06958E4AC23665E324A3220BFD49C2FAA366C9DD37E39F95770559F75285B38E3F15B0C8D5829D8BBBD7EA4ACD9F31A2CCBB53A428DA34FB4
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):4523976
                                                                                                                                                                                    Entropy (8bit):6.435919894293302
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:98304:Grk4ZPyKFv2bwgdGGtudvURuHRMXIwzXT:GrjZKKFehdGGt5XlXT
                                                                                                                                                                                    MD5:19E6D310C1BD0578D468A888D3EC0E3D
                                                                                                                                                                                    SHA1:32561AD9B89DC9E9A086569780890AD10337E698
                                                                                                                                                                                    SHA-256:F4609EC3BBCC74ED9257E3440EC15ADF3061F7162A89E4E9A370E1C2273370A1
                                                                                                                                                                                    SHA-512:4A8332C22A40A170EA83FC8CFD5B8A0ED0DF1D59FD22EBE10088BA0BE78CC0E91A537D7085549A4D06204CBE77E83154A812DAED885C25AA4B4CB4ACA5B9CC85
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):134656
                                                                                                                                                                                    Entropy (8bit):6.0017332542566715
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072://ZCM+lst/TPZa4TjDY/r06trJhQAjkYe1K6SXxKpjAjfMG://ZCplst/TPnY/rxt6A4Ye1KbXYpEjf
                                                                                                                                                                                    MD5:F20FD2E2AC9058A9FD227172F8FF2C12
                                                                                                                                                                                    SHA1:89EBA891352BE46581B94A17DB7C2EDE9A39AB01
                                                                                                                                                                                    SHA-256:20BDE8E50E42F7AABF59106EEA238FCC0DECE0C6E362C0A7FEEB004AB981DB8A
                                                                                                                                                                                    SHA-512:42A86FA192AEA7ADB4283DC48A323A4F687DAD40060EA3FFDDCD8FD7670BB535D31A7764706E5C5473DA28399FEC048AE714A111EE238BB25E1AAD03E12078D4
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):29640
                                                                                                                                                                                    Entropy (8bit):6.24629892386138
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:768:g2YyAU1265whJBHqgORWZI57GZYiSyvwhT:v86Gh/KgORWZI57GZ7Syo
                                                                                                                                                                                    MD5:196C4D2F8BDC9E9D2DBCCE866050684C
                                                                                                                                                                                    SHA1:1166C85C761D8188C45D9CC7441ABFE8A7071132
                                                                                                                                                                                    SHA-256:CD31F9F557D57A6909186940EAFE483C37DE9A7251E604644A747C7EC26B7823
                                                                                                                                                                                    SHA-512:CB9A02530721482F0FF912CA65DAE94F6930676E2390CB5523F99452174622D7E2E70CAFAF46E053F0C3DFC314EDC8C2F4FD3BC7EA888BE81E83FF40D3A30E78
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):1122248
                                                                                                                                                                                    Entropy (8bit):5.37506480885596
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:12288:CezMmuZ63NhQCb5Pfhnzr0ql8L8kkM7IRG5eeme6VZyrIBHdQLhfFE+uoUT:CezuiZV0m88MMREtV6Vo4uYoUT
                                                                                                                                                                                    MD5:684AE6992F55AD6C64588367E42F44F7
                                                                                                                                                                                    SHA1:66D8868286924ADA60966A620DFFE87B2C978711
                                                                                                                                                                                    SHA-256:91834E28CC0ACBD966DC6D323B95113E0050301B7CD6CD4ABE43390F2BBDDB34
                                                                                                                                                                                    SHA-512:70453EE98CBF6365AA7A326520CDAD438D6A1D6F463DA6180CB5E20708647951831D232B577BE50A16825912A9E40386C64A9987E3265FC870CDDD918B31614C
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):133632
                                                                                                                                                                                    Entropy (8bit):5.851469350935171
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:pI+kHubb2wCc8Rd0BvDAQolRVFhLaNKPNyymA4FZ5dorG0e:ShObbac8Rd0BUlRVlPNynFZ57
                                                                                                                                                                                    MD5:05E4B3B876E5FA6A2B8951F764559623
                                                                                                                                                                                    SHA1:4AD50F70EEF4FEAA9D051C2F161FBAC8A862A4BC
                                                                                                                                                                                    SHA-256:A52F8BD28B5B9558CDE10333CE452A7D6F338CE1005A2B8451755005868E4A98
                                                                                                                                                                                    SHA-512:5648306AF7C056C9250731B7D5A508664294BBB8BA865F9DC06FD7216ADF7B8CC31B1CFBC0175C7F2752680744F6546A1959E7F7D1EC7A8A845F75642CE034D9
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):28672
                                                                                                                                                                                    Entropy (8bit):5.566183037243278
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:768:pu2z3oHKLNA/jhfWddbcrsdcBi60k/MwJba:pXkHkNA/jhfWddbcBBi60k/MwJba
                                                                                                                                                                                    MD5:E4C515DF1FEDF6BC59E7FED6AB194E00
                                                                                                                                                                                    SHA1:B26384AEC2EE25EE59CD45FB77AC04A3FB46A80F
                                                                                                                                                                                    SHA-256:E469C3E9A6836CE38DEA05854D27CAA33EB766882527F73F60E3E2254BADC51B
                                                                                                                                                                                    SHA-512:123D16456B86C406F23C366349DF5785D9CC793ADBBBB7CF50B64B318C16F5FE703B600A3C67A979319BC779049F786F4AD675C22B1973FA712C6623695E7EF7
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):16384
                                                                                                                                                                                    Entropy (8bit):3.560212102277829
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:192:4LEUt5t468Uq0voq3qv/DX0k8QtrutqGW9uJq/6kqHt8NZrzW0NWL:qd8r026yruBW9VUt0ZrzW0NWL
                                                                                                                                                                                    MD5:4D5B570C6A43917B52741B707341FDDA
                                                                                                                                                                                    SHA1:010A9C83255E9271154280418BF601F975430DD9
                                                                                                                                                                                    SHA-256:809AB1C72338B01C0DE9D7367E2763FCA896E0F6EC7E833F45DE45C3BC033134
                                                                                                                                                                                    SHA-512:4A7767152DBF40F41F0CB7399E3040DA4AE4D33D2204468EC0DDC0CA9B60F3424E7DD489463AB227584DA31DB550537140E980B271B8D2F434265B3627971729
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):1569792
                                                                                                                                                                                    Entropy (8bit):6.1201506655739
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:24576:7l085rs7VUKi682+npiLP82fIyL0/PcioZ:7qwsk1KLP82fI
                                                                                                                                                                                    MD5:F977B1ED7C926A23C9993E0CD9822B8E
                                                                                                                                                                                    SHA1:A90AB8D7D7F4C54829700700B210B17D63BA1F4D
                                                                                                                                                                                    SHA-256:958A63EFC1D059A3F8699B6A2AE1D59A1898F948A7819CC886A946F1C0E6496F
                                                                                                                                                                                    SHA-512:AEB28D8A69C7734F25DFF71B2715512122573EE05014A543054C8F79B8FD78E132BC1184069D7534F3073B121ADD245BDAC2AE7900E0637E1B8D3536E586F3C9
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                                    Entropy (8bit):3.5855334678640385
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:48:y+3B1xI/cY2gFQK44asIFOFYQaEVKZWPTHzawuGZ/AK5WwZHV:DUcYj2UOWPTuZUHWwb
                                                                                                                                                                                    MD5:311C1AE96CA16A1F9C0F4857AB81BD2F
                                                                                                                                                                                    SHA1:2FC721FD5E5CEDE54C6B598D0F473D61EB31F830
                                                                                                                                                                                    SHA-256:F57D453C82D5CEEB269E28961241C5F027EC17F65E6D1E8A45229471DBB5476F
                                                                                                                                                                                    SHA-512:EDB5961D57FD5C77CB57E1CDDE945BDF9C3A4753B96EDBAD6F890337BA9D32E29B80F94850593B3F08BAC4B5C1BCAF2B9FF8C4A891204C4720AE4A939EF39825
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):1073152
                                                                                                                                                                                    Entropy (8bit):6.650667849531351
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:24576:fAGx/PfINLsVkWOur35TgkvUnHNyop+1BwBBH:fBPgBHur356z
                                                                                                                                                                                    MD5:FC3F513DBFA7AE54EF4E3498D9E9784B
                                                                                                                                                                                    SHA1:3F29B2C3E1E34D3062B17525669CD3B6F82961A2
                                                                                                                                                                                    SHA-256:67DF7281CE98F247F25427232785A8D651472E21488BF2CB4AB57CBAAB7BE016
                                                                                                                                                                                    SHA-512:D9594815B4A71BA70E16AA26317D7C8D93171EF958F824FA99AB9F8EE15885940D44D47334A6CF4668BDD27C10B3044DB131D841ACAD631869E9D3853775F2CC
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):105472
                                                                                                                                                                                    Entropy (8bit):5.961405979583004
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:HGvgUUbeZWCkPhh7rnrwwFQIgplqiOPRcuwtB9N6f:mvgD7rnVQIgpl16otB9
                                                                                                                                                                                    MD5:F3A75622E931E20DFFD1DAA951D71F39
                                                                                                                                                                                    SHA1:B94BB09EB306B88972397B8AF555623F0655F086
                                                                                                                                                                                    SHA-256:7B8F98BE4BD2145E4E1E4C71C6D2A1B789C6810F0582209502F4666A035B41C1
                                                                                                                                                                                    SHA-512:6222714A9F2F37CB58577EDE6D8246C528488D878830313D3D84372F1DCE8C5B79CEF99C4AC5CF229F2366663F1BB1DC7B8855DCD234426CFA202E32A08E8330
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):486400
                                                                                                                                                                                    Entropy (8bit):6.223693489277457
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:12288:eQnZiz8HurXkIvbEoQwHG7jeCYtpEo7Tf:eQn/urXzzEtNopH7T
                                                                                                                                                                                    MD5:29BB9B5D6EFA4A639759E59641AA5821
                                                                                                                                                                                    SHA1:DC6E55DDB6F5C5061F48238E4AEC290E26EC7804
                                                                                                                                                                                    SHA-256:F373673D34CC74F76F8C951B664589845B9DD82C939F6973C67E8FFF7D6F9840
                                                                                                                                                                                    SHA-512:5E9D38856FA39F7F9221BCA2C9FDB72E62590D9544E9446CD76AD983FD4454885E52DACCFE8E1A71F1CBEAAC1BA23E981B051FB89819532698AF0AA20E15D65E
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):1011072
                                                                                                                                                                                    Entropy (8bit):6.305825051822925
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:24576:60Ys17BeFoRnCANrxjmao8OC7VM5s4sJQ10c1pSCLiXt3juk1vcMmLglSuCJ:ldF8FCCyrxjmatrV0sQ0cKmQBTM1
                                                                                                                                                                                    MD5:F9512C058964F125C0C0883C0CCA225E
                                                                                                                                                                                    SHA1:F5BE9E7DECF8A6BFAD3411FF8AE15E8F40405215
                                                                                                                                                                                    SHA-256:41CE9B38D03E80088A744C13229CAB4BC4CC9FBCF60C0E553A8E66EA8F9B07A4
                                                                                                                                                                                    SHA-512:1CE62154B0DBB0C4C55F7BD87C97877FEBD2CE59F8FACFB2C10D38F7F0968D3350B279A6D6853E71097093728120415DFDCE54D169819A789CA65A6A453A639D
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):521728
                                                                                                                                                                                    Entropy (8bit):5.26816086887833
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:6144:ZhyW3FrJhNl7y10hwkxJ7HNfS3GtsLtQNnzs4G8thhqsNYcoCfgISw:KW3F1Xl7ykxxt94b2hhqKYcngIS
                                                                                                                                                                                    MD5:40EB1F198A18021833E65A076955B03C
                                                                                                                                                                                    SHA1:730F666A44942AD4BA59C69948036C57B5DB9827
                                                                                                                                                                                    SHA-256:4ED0E11DF812CD586423182568E2F28B3DBA92F85B5FDA68351BF97468083079
                                                                                                                                                                                    SHA-512:70C9514587B81EE9A744234F5A5AFA1FBADB1DF4E457D7A47B304736240B60320B330A655F7A9F907247A049C134B3B488AF9898ACE8263026F83C745006DD35
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):159232
                                                                                                                                                                                    Entropy (8bit):6.141294435501823
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:wFp5C2mYK1JVOaFXlEbfIfhvIAG7+lyXOzt+ikzN:kp5CasO+1EjIfhvI/eyXy52N
                                                                                                                                                                                    MD5:C4D73A4379E6F55F698532ECBC9579BE
                                                                                                                                                                                    SHA1:FB53B40E6BEC2AEBB0BA97D86FE1D3C7CCE94D94
                                                                                                                                                                                    SHA-256:683F604AD40AB82382809D75595F734B672FAC75E1E8EF63C94683D11C848D6D
                                                                                                                                                                                    SHA-512:1AF8F089F4CCB67ADAB896AB7C0B23D69D3BEEB493E719FBEF55B507295CCDA7E7343D59504102433D02EA800C7FDEDFECE4252C36514537C52BD35FC067E8E4
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):1453568
                                                                                                                                                                                    Entropy (8bit):6.7106066470226216
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:24576:lwcdUsNWUncNv/WwMri3RtZDJK3e86Lq2i1Sj57nyTTHmdR9adKn0ox8oLg:lrOsNtme5yPAe8GVjlnwy0dM0QLg
                                                                                                                                                                                    MD5:6BFEF5D4BA0C93C0BCE2593BAC58015C
                                                                                                                                                                                    SHA1:B03839587DC0CAD96277E0621850D6B151CF90A6
                                                                                                                                                                                    SHA-256:A7E2602CE3D1093712D316497D887D0C97A9738EDC026726055BF07572D84099
                                                                                                                                                                                    SHA-512:EDECCB0697F8CD7EAAF6E96AF783B328278AA53C02CF08A64403C3D04738CD0DC0746B726ECD010023F17B07DCDD1EA8B6BB47F7C122BC413D5A977AF20B2810
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):36352
                                                                                                                                                                                    Entropy (8bit):4.477100896687311
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:TzcEP6TRUpPzapbW8ufOOqvWiMq4GDDKkVuOUSo3OWczkjUJl0azvOpI80Ygkuuc:7pEahYABZI0
                                                                                                                                                                                    MD5:DFEC0317A1EA262D948A18424B86C2BA
                                                                                                                                                                                    SHA1:25BC5196E6B47AA72B4F09752382FF2C860FF19B
                                                                                                                                                                                    SHA-256:9C58C0059F53CD8B796A56A8D3F585A001FD29A3037FE8393292F52DC6AC1944
                                                                                                                                                                                    SHA-512:522E0FD4788CF0AE5EFE2312C7599D77474E4F54FDB5AC34757091A7ABE13564EE7560E6E83CC6E6417E31BBDF05CFC9A57C0BFFE2B21523F3062A43E9CF957F
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):465920
                                                                                                                                                                                    Entropy (8bit):6.881687311752545
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:12288:a7lb57GX8YbVe0TIrf8NbywLkRLgLBAgV:ul7Y82VLTIrfMy8oLg
                                                                                                                                                                                    MD5:02BCE04D6192EB6BC85A195E0187E707
                                                                                                                                                                                    SHA1:975ECD7E4D51DA13584F8453C9E4959FB94C0545
                                                                                                                                                                                    SHA-256:6FA424DDD31E80D679D987FD94FB2A35D8BBEAD7F5F09404AF531B46DBAE85B6
                                                                                                                                                                                    SHA-512:F1B82D484867585E206A2D48B64791724ED9AAE57FE55FAE755A786BEE228482CB9CBC03B1E84CFA4D7FD5BBDA0F733FE9500C8303834E3B23FB89580F589733
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):77312
                                                                                                                                                                                    Entropy (8bit):3.9016462651552564
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:768:C12WsiBibFoTwLz7xk+9h67iKlpViTRFjwX42De1OODQ0Oxem2L+UypXkNNsLx7X:A9w0wLz7xk+9hYn1kylOoLKzmHu274e
                                                                                                                                                                                    MD5:00E741D6381CEF37CE3775365F8905B1
                                                                                                                                                                                    SHA1:686457F78C8BC1C40E9DDFD5F947CEF6A2BFACB8
                                                                                                                                                                                    SHA-256:D7677178E9E653C2EE56BB05153F710C089A0FDF4ACD61B227A7848316B3D5BE
                                                                                                                                                                                    SHA-512:3A22F9F56F616AB5A580F782A1168A16DA0AAF77EA28F2B6A782C4A050D89F2015BFA5616E257EE1A1ECB6B2D840EA90443591CE56EB3FB860D4A71F403D3522
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):78336
                                                                                                                                                                                    Entropy (8bit):2.8994243966977833
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:768:sW8dlm/JCz244BOtBax2EzNSO1kG9qgiwv3b5KdqpGj0eZk8RVp2I6WNqw4gGu:L8MCf4BOtBax2E8kMB05K0pGloWNqwc
                                                                                                                                                                                    MD5:2E186A7F6E00285CA1600F6EC0E6EC60
                                                                                                                                                                                    SHA1:BEACB51296F4D3A1444025627C38ABAF21ED4D4F
                                                                                                                                                                                    SHA-256:052B316586906985C7C372ECD28B497C3C5ED2A7BF9F08E49AB31003F479E4D8
                                                                                                                                                                                    SHA-512:08487991457593FE5BB30EDAD55DD672E83284B1C0B76CE54089BFAC3DD2DE00C05491EA49B6EA7A9FD975E6FB4DFC0F2C04A0F6A4DE5AC1973C0CC6FD547CBB
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):2560
                                                                                                                                                                                    Entropy (8bit):3.305745657724211
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:24:eH1GSAnmQxuWCp24Flaut0WIZW0R5w/aNuf3DA349DAlU35WWdPPYPNy0:yLyojFlaydIZWswUuPDn9D+K5WwHgp
                                                                                                                                                                                    MD5:C88E574480A4F42BBA617155D3B99729
                                                                                                                                                                                    SHA1:05C42F31E1FC4B9A09A4019BEE4722B82106F606
                                                                                                                                                                                    SHA-256:B16969B66A279BB0B771C8CCF0CDD2779797915B5590834B52976B884EA5F68A
                                                                                                                                                                                    SHA-512:BEEA0027E8DDE536D1285801B5FDFC9F4DF0AD6E5793314D8DB730D72E66A944487C633B3372DAA9E4F68BE7F7CF1DBEAD9899218D57A7B7C71977CECFFF4D8C
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):19456
                                                                                                                                                                                    Entropy (8bit):3.484662654723136
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:192:jnnwPzkyzJTEhzDlpS/aBaUR0DdoNRF8VadaoQSvDDpPndYvWvOWx:jc9TEpxpSC8Q0ZGg8DDpPndYvWvOWx
                                                                                                                                                                                    MD5:7877D3A5F4D32B379E8209BF9A6C00CE
                                                                                                                                                                                    SHA1:65A16A418DAA0A98D742A508C3E6D26B33710960
                                                                                                                                                                                    SHA-256:AA0B020843020224A9AED9D5BD9500668734CEF37BA787CECA0E10B02534C7FA
                                                                                                                                                                                    SHA-512:0DA65E319D7859B8A614E8B80D227890080F5EF6C10045E1B0DE6FB175D7E96E577EB012BE9156F1DE2EAA9CFE11F0B2B8284DEC167DEE6D6BEFF8DA5A204617
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):5632
                                                                                                                                                                                    Entropy (8bit):3.6343445557187257
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:96:W4wsQUC97naKzStnnL6YVU4Hcu/hrCZEWWFcWwUg:W4wP97naKEL6BSckhr/WwcWM
                                                                                                                                                                                    MD5:91FD2B37FC1D7756B3B6281A64A0E204
                                                                                                                                                                                    SHA1:F0CB018584E8E7D50AB006DDEFAD49656B279F32
                                                                                                                                                                                    SHA-256:B90215957B4A69B14694F0DEE7DD236B294B8F2881D11E9CDE13E30BD5128ABA
                                                                                                                                                                                    SHA-512:06263FD414D727808C5D4960B2530D963B3AA0C9B2C8FDEEFD5DE69C6E3F172D02DF22A2052968018953CBF75470EAEDCC8DAFC668739430D8B822AC99B18ADF
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):77312
                                                                                                                                                                                    Entropy (8bit):3.9024324035505042
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:768:j1WWAciBibFoTwLz7xk+9h67iKlpViTRFjwX42De1OODQ0Oxem2L+UypXkNNsLx8:xdl0wLz7xk+9hYn1kylOoLKzmHuJL4e
                                                                                                                                                                                    MD5:3FB04397AD2245E5FECDD61301E0ABDB
                                                                                                                                                                                    SHA1:DBDAFFBCE34C5A7B5DDDE260B2DB4E81C225FF0F
                                                                                                                                                                                    SHA-256:B2AD0F7DC268B4371E41187547B4C8D6BEB990A37B43A1257295FDFAD6D37C18
                                                                                                                                                                                    SHA-512:523AA4587EA744128EE56D83E06777B3AABAFF18CA352ADB257C964C219B770E5A03F58F6C6DA46AEF62F20DB42F3A0682847E07FDF7E382C2BB0A1D43C67A31
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):2560
                                                                                                                                                                                    Entropy (8bit):3.308058071761624
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:24:eH1GSAW5mQxeWCp24Fu1Laut0WbZW0R5w/aNuf3DA349DAlU35WWdPPYPNyk:yyy4jFKLaydbZWswUuPDn9D+K5WwHg5
                                                                                                                                                                                    MD5:D246DC71694598FCE6026321BB692133
                                                                                                                                                                                    SHA1:B8D79EFFD6682DA2DAFE06DC28831F614DD34247
                                                                                                                                                                                    SHA-256:980CF034A8E6B7AF0224AA945EA37FCDCD2D42A30FF8D37DC60CB38E7C10E275
                                                                                                                                                                                    SHA-512:D522573112A3227E66573A60E6E2F7C83D6857310F3ECBB0D0A8BB89478ECFC881E9580FF458945FFB564AEA36DB9B78EE5D1FED2DF4D24BAAB8FB9D1A87C399
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):5632
                                                                                                                                                                                    Entropy (8bit):4.144916424063844
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:48:yBtMmAKmq55Y87oLH+P3Jehyi0DRM/L+hg+OSjwGaauNee28bZWxJuT+3Bzdb+ft:sBz5m+PZkyXDIL+jEpek9Wl3BzukU
                                                                                                                                                                                    MD5:FB407D2CBDC6F7C035AC2D1E72CAC0CA
                                                                                                                                                                                    SHA1:1352FC6CF552001253DCCEB1CE380FE637496755
                                                                                                                                                                                    SHA-256:2D0AACB594AC744F32F3701C17B911E845B3D51F583E9903F513C705811BB08F
                                                                                                                                                                                    SHA-512:2A65E36CCAEA2C266DB5B324832E285832F97C53916AAA7E2C5089B93571DAC57C1FE02698228EE9A926E0524BFB6E0CD43734FAA9A48BD1BAD2888CF94D2A4F
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):242176
                                                                                                                                                                                    Entropy (8bit):6.676508342306661
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:6144:sU3hZm7vF5qXHgWGQjof9jK57wz/k4KqugbPXU4AgV8:s2hZmj8c4wLkRLgLBAgV
                                                                                                                                                                                    MD5:2BBBD624B2A736A3806D00280DF1AD3E
                                                                                                                                                                                    SHA1:CF3D04FD61427BD8DC90327B14DB889A3316FED5
                                                                                                                                                                                    SHA-256:39BD24863FBB18FF7B14838E8062CAD91286A04550BA405B17E16D82759E23F0
                                                                                                                                                                                    SHA-512:2D8E2A8EF8195026C87E2FF0351D6BCA7EC32D66197CC9A379974FE1CFCAEB20691FCD23F5F0FBD489A4015858E6D0E6B6B0CE3A871F6EBACBAD6CFAC1DD8B59
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):456704
                                                                                                                                                                                    Entropy (8bit):6.279275444299788
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:6144:DHn92Fa74KFycUY6Qwz/k4KqugbPXU4AgV8CCQ4Vb4XURS9Z8DdkTniNnB0OF5O:DH92Fa776QwLkRLgLBAgV7QSjkF5O
                                                                                                                                                                                    MD5:59149DF9B45EADCBDD38A2352935EB63
                                                                                                                                                                                    SHA1:7BAAE44743F096616A843BDDD12869641AA969A6
                                                                                                                                                                                    SHA-256:397550185BCAFA2E46C05DD462C4E8C750E0AC60F896C9EA43493210A9BD7BA2
                                                                                                                                                                                    SHA-512:FB8488472DA20A5FDE2A82C17D9202603BC893B4A55AAF51C91DD87261D9859C845ADC4435E13AA23B4A73473B008CDD1EE7F1EBDD9EDEDEC118254CB664B796
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):97168
                                                                                                                                                                                    Entropy (8bit):6.424686954579329
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:yKHLG4SsAzAvadZw+1Hcx8uIYNUzU6Ha4aecbK/zJZ0/b:yKrfZ+jPYNz6Ha4aecbK/FZK
                                                                                                                                                                                    MD5:A87575E7CF8967E481241F13940EE4F7
                                                                                                                                                                                    SHA1:879098B8A353A39E16C79E6479195D43CE98629E
                                                                                                                                                                                    SHA-256:DED5ADAA94341E6C62AEA03845762591666381DCA30EB7C17261DD154121B83E
                                                                                                                                                                                    SHA-512:E112F267AE4C9A592D0DD2A19B50187EB13E25F23DED74C2E6CCDE458BCDAEE99F4E3E0A00BAF0E3362167AE7B7FE4F96ECBCD265CC584C1C3A4D1AC316E92F0
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):37240
                                                                                                                                                                                    Entropy (8bit):6.3017272133584585
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:5GnvMCmWEyhUcSLt5a9k6KrOE5fY/ntz5txWE6Wc+XfbRuncS74G5WreKWn14gHc:rCm5yhUcwrHY/ntTxT6ovq7nt+dN
                                                                                                                                                                                    MD5:37C372DA4B1ADB96DC995ECB7E68E465
                                                                                                                                                                                    SHA1:6C1B6CB92FF76C40C77F86EA9A917A5F854397E2
                                                                                                                                                                                    SHA-256:1554B5802968FDB2705A67CBB61585E9560B9E429D043A5AA742EF3C9BBFB6BF
                                                                                                                                                                                    SHA-512:926F081B1678C15DC649D7E53BFBE98E4983C9AD6CCDF11C9383CA1D85F2A7353D5C52BEBF867D6E155FF897F4702FC4DA36A8F4CF76B00CB842152935E319A6
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:Python script, ASCII text executable, with CRLF line terminators
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):103
                                                                                                                                                                                    Entropy (8bit):4.7776012320135814
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:SDXnlvJI1VJ9uoXSPVSfQQDaIFLVd6eOFJi9cr6yn:SzlRFKSPVS9DaIFLVd6p6986yn
                                                                                                                                                                                    MD5:7F36C3A1229DC69716EEE499EC320A45
                                                                                                                                                                                    SHA1:56108D0F028BC700971660C860896D38498273D1
                                                                                                                                                                                    SHA-256:FF1C7CC1A542A71F0C643A90263E4C2A2508C1BF1E444D307720CCF00AEAC0ED
                                                                                                                                                                                    SHA-512:C8154A7E9FDDD2F56C44FE6195D88E40BF2222AD45371E5AAF8562D7942A2ACC5D4047DADC53799D1DC8C7FEECA79C7A0841421CE703BFCA55D9A38FADB021A0
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:# Pyarmor 8.4.6 (trial), 000000, 2024-05-12T12:07:32.837794..from .pyarmor_runtime import __pyarmor__..
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:python 3.9 byte-compiled
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):216
                                                                                                                                                                                    Entropy (8bit):4.722399012935214
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3:wtLel0VlG1/QlZfQv+21j+66rX2eOX1OxpMBXnUXo37eO+VV/VOMLkcqMX:QO0e1/QC1v6j2pl+MeXwpenJX
                                                                                                                                                                                    MD5:95A763554322BCAB07C9FEC78B85FA80
                                                                                                                                                                                    SHA1:C674D621F5B5FCD1E9181C850C6FA7B795649B49
                                                                                                                                                                                    SHA-256:D1113ABB8FE3AEDB22358C9F4FA06E76858733027A2AFF98ED520C11976B0A70
                                                                                                                                                                                    SHA-512:36ABC6820114CA4E9F7E2E4714AD50ECC787C3C6B81C1C89FC8E26627642D9A456B34F4C6583D618A13B1AE8676E343E8D03196EAA2F471DEF036B009F6B3DEA
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:a.......t.Afg........................@...s....d.d.l.m.Z...d.S.)......)...__pyarmor__N).Z.pyarmor_runtimer......r....r.....JD:\00Th\1 Steal\Droper\Drop8\dist830512\pyarmor_runtime_000000\__init__.py..<module>.........
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):86984
                                                                                                                                                                                    Entropy (8bit):6.449825326118893
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:7BVEz7G6jRTRdDsyKzogNC1Ue3FFwOl8lOP1ipVI5tV/7SyIwV:t6znFihztuUe3sOKlg1ipVI5tV/eW
                                                                                                                                                                                    MD5:7F2BBA8A38712D00907F6E37F0CE6028
                                                                                                                                                                                    SHA1:E22227FC0FD45AFDCF6C5D31A1CEBFFEE22DFC32
                                                                                                                                                                                    SHA-256:CD04EBE932B2CB2FD7F01C25412BDDD77B476FA47D0AFF69A04A27D3BFE4B37B
                                                                                                                                                                                    SHA-512:CA46CEAF1B6683E6D505EDBE33B1D36F2940A72FC34F42FA4AA0928F918D836803113BF9A404657EC3A65BC4E40ED13117AD48457A048C82599DB37F98B68AF0
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):127432
                                                                                                                                                                                    Entropy (8bit):5.943754325028008
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:ys51kM2JpMk49dWZKrcsaIopJfrZquAAIZI5QP1y:tnkMoOwCcDfrZgAIg
                                                                                                                                                                                    MD5:38D9D8ED2B7DF64790150A2A523FD3B9
                                                                                                                                                                                    SHA1:A629C8E76136FA5678C758351E2DCFF5324F51E7
                                                                                                                                                                                    SHA-256:11DAEF02AFE45D9F3987BAB5C2B6EF75B2B6F6F79704C45675D532F090F14B8B
                                                                                                                                                                                    SHA-512:7A37A98BB9824680E3F0030E0DB795F9EAB1CC4D2B6605E4F6C37D432B4DE0642481DD7B6C6F0E53264F2D940B4800555AB0D84145D7DE35F4A65A26CA100FE8
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):272328
                                                                                                                                                                                    Entropy (8bit):6.531650091351777
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:6144:PSYgOVbBi7eTDJWMccBp0hyQLM1A5h7329qWMa3pLW1AvxzfDbNSQ:1Bi7eTtdbIZLtpUhSQ
                                                                                                                                                                                    MD5:1139CC9D936B6028305749568EC5CAC7
                                                                                                                                                                                    SHA1:8AEE810BC2CCFC3C36BEF6ED59B3826BB7070299
                                                                                                                                                                                    SHA-256:67A47D85CC1A21069610C85DA64FC031231D43AF7876DFC48361C57D88EFEE0B
                                                                                                                                                                                    SHA-512:1DD4CF64D51A4D9B9F35F1932428F92A3EF538DB62B503097A9DFC1940AFAE59B0D890ACA149A67FF1BD5D343D8E4F38CADD49065404E9CB2902F1ED6DBB754B
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):65480
                                                                                                                                                                                    Entropy (8bit):6.0825664613687085
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:V2UsyQLwkpuRYqVcXP7O9zozEDvZhjqNI55IE7Syj:V2gSP7QZhjqNI55IE1
                                                                                                                                                                                    MD5:75ED91D3B7A40ECA5B32A13B90191EAD
                                                                                                                                                                                    SHA1:320BD4B6116F735D8508382738E50BA8862B8029
                                                                                                                                                                                    SHA-256:202535A5CEB0BF70C2046639A3884C24F2CCCB1BD92827E61B5A7A663D9399BA
                                                                                                                                                                                    SHA-512:0EB81335C97842233751E7B4C0D6581ACCAF00A86F3E06FE35B2C80BD6BADF83A321EAF4A449A31238ED3F60AA09890769BF54775CD7EFD5112255842E1582C2
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):163784
                                                                                                                                                                                    Entropy (8bit):6.779442007393752
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:JaV4kBVeMMbwjQneCHPDLORDEWznfo9mNoPrL4rbVI5e1En:JaV4kBVHMKQZrUDEIwYOPwrb2
                                                                                                                                                                                    MD5:AD02EA81A127A401F4DF84C082F3CCE6
                                                                                                                                                                                    SHA1:9C6C851C52F331D17A33936C9AAD8DCEF2542709
                                                                                                                                                                                    SHA-256:4213FBB6936AD3EAC1E1BA28F10E15719176BC3A59FF01DDC6828DD7EEE52132
                                                                                                                                                                                    SHA-512:CDCCD9E5FFFC2A2836F7677985D63C0A8A90FC91F1D98A0F2355C11141E21ECD564BBBFBA87E717AC80F784A68B6F43430476FBD72CEC9820C691DF6612FFD16
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):30152
                                                                                                                                                                                    Entropy (8bit):6.179113434701911
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:73ZiJO6iUi3w2SW6A6rOuBvY3nhsXnnSZI57UrIYiSy1pCQLuhmhg:uO6Q3R6rOUQ2iZI57UUYiSyvUmhg
                                                                                                                                                                                    MD5:F9718FE21174D8428F022AAF60BF92DA
                                                                                                                                                                                    SHA1:DB7E85EAA7C795792050AF43D47518CA7FA7878A
                                                                                                                                                                                    SHA-256:95E1C419E08D8AB229B8C64D51FD301CD9D75A659DFC05E75B0317CA0A4F22E3
                                                                                                                                                                                    SHA-512:000929C994446F22E4F11A011C21B7401BBE8B3B1A624B80A4EEB818F94190B3DB2782B00E477E548814CAEA5234D4DE5A8A766D72365C26654D655EC4546BE3
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):80840
                                                                                                                                                                                    Entropy (8bit):6.16679379591815
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:1536:GBCJoimjxvExWxAm9/s+++pJj1XmrpZxP4cZI5Qw47Syo:dai6lfAm9/sT+pbmrbjZI5Qw46
                                                                                                                                                                                    MD5:0A6C6FD7697E4C3757014FA6BF6DD615
                                                                                                                                                                                    SHA1:F14F79831B8B16A7B31F4C7F698317C023D446F9
                                                                                                                                                                                    SHA-256:A611E9B4F4E5FE67E945B771D79CF15C48441ECFA11CE186CEC9BF233DC20C0D
                                                                                                                                                                                    SHA-512:F5FCFEDE06F0F81229B946F803B6E292FD0C909191F3C2A82CA317FF7C2E08D1EA98AA2D11EC85EDD5449994A2A7C61318A15D47806CD761E25739494F3E18E6
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):156104
                                                                                                                                                                                    Entropy (8bit):5.936947272634989
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:7+W/EKFRXUxwSYQyDiyqoIpy07KhpGs2W74DH70NmHh4kwooSLteSdN1SGwVI5tB:7GKFRXUxrZyDHKehp9743DthN1SGw0
                                                                                                                                                                                    MD5:3BAF56D4E63A800FCAF2CC98FC120709
                                                                                                                                                                                    SHA1:2A33341EDA4B4549452B6DB9B259F8AE6EC9C806
                                                                                                                                                                                    SHA-256:D7610DD6BE63AADA4FE1895B64BBAC961840257C6988E1F68BBF3D8E486B5A45
                                                                                                                                                                                    SHA-512:E48899ED5581FE9F45C02219D62E0ACBC92906AF5B7A3B7D9BE1BB28B41F5CFDB0D3496ABC6D0C1A809BB80D2A49C5A456D34E4667995FB88EF8ACA6958881DD
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):24520
                                                                                                                                                                                    Entropy (8bit):6.177351750137684
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:oTcuByPxXyessB5XnkPrVI5ewOIYiSy1pCQvVFh6:owCiB50PrVI5ewDYiSyvnh6
                                                                                                                                                                                    MD5:EFAAB22452B7D55BD684F29D7DF015A0
                                                                                                                                                                                    SHA1:ED9A244F5CCE66B69FA275704BA8048C3956DB91
                                                                                                                                                                                    SHA-256:D8B97BD2D8D372B5B7675F5EC8A31A7F7D01AB36DD8C8273273B4C465B70C4E5
                                                                                                                                                                                    SHA-512:AF7E6535C8E0C540E0BE69A164C00FBF03C572FAEA871A377DB72937A8A54E015EA278FE8981D9A27DAF9BFC094AEEFD036E5B143C58B776AFE995D4B503790A
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):1038695
                                                                                                                                                                                    Entropy (8bit):5.492286183311183
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:24576:TK73vupwcosQNRs54PK4ItEVwHkfVExmFgBTUSCM:TK73vuecosQNRs54PK4ID+wTx
                                                                                                                                                                                    MD5:2E134828C303EDBF09DD29AD27DD4B8A
                                                                                                                                                                                    SHA1:F6D87842CB0273BCB5C62F457CE15F17F4AE1772
                                                                                                                                                                                    SHA-256:53322BCD7DB062B523F28DD68DBA06BBECB20421018F98E199B65D837B3517CE
                                                                                                                                                                                    SHA-512:C3115B060578ACC3AE414E94A60A4082FB069577B2D39BD897D463CB515BBAA033E0E21B1BCA3ED218A78C42D869A69352EA2E588CADE11AC26BE5444A3997B0
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):290282
                                                                                                                                                                                    Entropy (8bit):6.048183244201235
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:6144:QW1H/M8fRR1jplkXURrVADwYCuCigT/Q5MSRqNb7d8iu5Np:QWN/TRJLWURrI55MWavdF0L
                                                                                                                                                                                    MD5:302B49C5F476C0AE35571430BB2E4AA0
                                                                                                                                                                                    SHA1:35A7837A3F1B960807BF46B1C95EC22792262846
                                                                                                                                                                                    SHA-256:CF9D37FA81407AFE11DCC0D70FE602561422AA2344708C324E4504DB8C6C5748
                                                                                                                                                                                    SHA-512:1345AF52984B570B1FF223032575FEB36CDFB4F38E75E0BD3B998BC46E9C646F7AC5C583D23A70460219299B9C04875EF672BF5A0D614618731DF9B7A5637D0A
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Preview:.# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Label: "GlobalSign Root CA".# Serial: 4835703278459707669005204.# MD5 Fingerprint: 3e:45:52:15:09:51:92:e1:b7:5d:37:9f:b1:87:29:8a.# SHA1 Fingerprint: b1:bc:96:8b:d4:f4:9d:62:2a:a8:9a:81:f2:15:01:52:a4:1d:82:9c.# SHA256 Fingerprint: eb:d4:10:40:e4:bb:3e:c7:42:c9:e3:81:d3:1e:f2:a4:1a:48:b6:68:5c:96:e7:ce:f3:c1:df:6c:d4:33:1c:99.
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):10752
                                                                                                                                                                                    Entropy (8bit):4.673140392808471
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:96:sh72HzA5iJGhU2Y0hQMsQJCUCLsZEA4elh2XQMtCFrHx0gzcX6g8cim1qeSju1:u2HzzU2bRYoexHXzcqgvimoe
                                                                                                                                                                                    MD5:D93AD224C10BA644F92232A7B7575E23
                                                                                                                                                                                    SHA1:4A9ABC6292E7434D4B5DD38D18C9C1028564C722
                                                                                                                                                                                    SHA-256:89268BE3CF07B1E3354DDB617CB4FE8D4A37B9A1B474B001DB70165BA75CFF23
                                                                                                                                                                                    SHA-512:B7D86ECD5A7372B92EB6C769047B97E9AF0F875B2B02CFF3E95D3E154EF03D6B9CF39CC3810C5ECA9FEA38FEA6201E26F520DA8B9255A35E40D6EC3D73BB4929
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):120320
                                                                                                                                                                                    Entropy (8bit):5.877090503831313
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:mYKj20ufpEMocaJX3kjtOvBRPLugqZGL5GF:ONdDKZGLW
                                                                                                                                                                                    MD5:B5692F504B608BE714D5149D35C8C92A
                                                                                                                                                                                    SHA1:62521C88D619ACFFF0F5680F3A9B4C043ACF9A1D
                                                                                                                                                                                    SHA-256:969196CD7CADE4FE63D17CF103B29F14E85246715B1F7558D86E18410DB7BBC0
                                                                                                                                                                                    SHA-512:364EB2157B821C38BDEED5A0922F595FD4EEAD18CEAB84C8B48F42EA49AE301AABC482D25F064495B458CDCB8BFAB5F8001D29A306A6CE1BBB65DB41047D8EA5
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:MS Windows icon resource - 1 icon, -128x-128, 32 bits/pixel
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):67646
                                                                                                                                                                                    Entropy (8bit):2.9877924081466984
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:768:76/22LIO5zUSFZGcj3TQip80U7YVhCUsmlqnrL8sRVzbEQwnOUwFxF9qgdTddRj+:eLVEB1e
                                                                                                                                                                                    MD5:B0FE457D80C766030BE3804E149F4A95
                                                                                                                                                                                    SHA1:32530E3AB0BBD5B22B0FC544FFE829709CAE02EC
                                                                                                                                                                                    SHA-256:1472F258F96FFDBB6B0E147260943599ABACDF6DF0DACE38ABAC9744D6B18590
                                                                                                                                                                                    SHA-512:EB704A2CB38F594B80EAEC2D1FDB9D5F9BB6FB04494799895CF12CB002205225983D5B217B19C61672BE43F9EFAD752F1726B0D62EB7A75777F3A893AD6BEC0A
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):3439512
                                                                                                                                                                                    Entropy (8bit):6.096012359425593
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:98304:kw+jlHDGV+EafwAlViBksm1CPwDv3uFfJ1:1slHDG2fwAriXm1CPwDv3uFfJ1
                                                                                                                                                                                    MD5:AB01C808BED8164133E5279595437D3D
                                                                                                                                                                                    SHA1:0F512756A8DB22576EC2E20CF0CAFEC7786FB12B
                                                                                                                                                                                    SHA-256:9C0A0A11629CCED6A064932E95A0158EE936739D75A56338702FED97CB0BAD55
                                                                                                                                                                                    SHA-512:4043CDA02F6950ABDC47413CFD8A0BA5C462F16BCD4F339F9F5A690823F4D0916478CAB5CAE81A3D5B03A8A196E17A716B06AFEE3F92DEC3102E3BBC674774F2
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):32792
                                                                                                                                                                                    Entropy (8bit):6.3566777719925565
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:384:2nypDwZH1XYEMXvdQOsNFYzsQDELCvURDa7qscTHstU0NsICwHLZxXYIoBneEAR8:2l0Vn5Q28J8qsqMttktDxOpWDG4yKRF
                                                                                                                                                                                    MD5:EEF7981412BE8EA459064D3090F4B3AA
                                                                                                                                                                                    SHA1:C60DA4830CE27AFC234B3C3014C583F7F0A5A925
                                                                                                                                                                                    SHA-256:F60DD9F2FCBD495674DFC1555EFFB710EB081FC7D4CAE5FA58C438AB50405081
                                                                                                                                                                                    SHA-512:DC9FF4202F74A13CA9949A123DFF4C0223DA969F49E9348FEAF93DA4470F7BE82CFA1D392566EAAA836D77DDE7193FED15A8395509F72A0E9F97C66C0A096016
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):698784
                                                                                                                                                                                    Entropy (8bit):5.533720236597082
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:12288:waXWJ978LddzAPcWTWxYx2OCf2QmAr39Zu+DIpEpXKWRq0qwMUxQU2lvz:dddzAjKnD/QGXKzpwMUCU2lvz
                                                                                                                                                                                    MD5:DE72697933D7673279FB85FD48D1A4DD
                                                                                                                                                                                    SHA1:085FD4C6FB6D89FFCC9B2741947B74F0766FC383
                                                                                                                                                                                    SHA-256:ED1C8769F5096AFD000FC730A37B11177FCF90890345071AB7FBCEAC684D571F
                                                                                                                                                                                    SHA-512:0FD4678C65DA181D7C27B19056D5AB0E5DD0E9714E9606E524CDAD9E46EC4D0B35FE22D594282309F718B30E065F6896674D3EDCE6B3B0C8EB637A3680715C2C
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):490927
                                                                                                                                                                                    Entropy (8bit):5.03059381086955
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:6144:kPM4sAhq8NRToFMC5B3YC6WWmO5NUjEeinQHBWW2d9KEaFvdBhhPh25dmNC+F:kPM4FC5FBWna5ik2dAFv/hueNC+F
                                                                                                                                                                                    MD5:F957DAA947E41003AFF3BE5285EF16A9
                                                                                                                                                                                    SHA1:0AF8277470EBB644C9110689E34676924A6B632E
                                                                                                                                                                                    SHA-256:BE9032D65E872891DB9722CB4ED28CCC2F176C84DD1455D0B313E3957B44B849
                                                                                                                                                                                    SHA-512:BEC4AA85F89F74C4BFF8F82C73890243635A4E6F6BE29063FF4E41F3035C97636B99E6F91CCF711F0B48A21555C4ED84400CBEE84152AA245BEF7C6396F11EC6
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):620032
                                                                                                                                                                                    Entropy (8bit):6.1916778134841906
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:12288:qTlIttemLwKXcuFdcj7fUoPHlttNynEGyEC:q5w/cuFdcj7fUoPHlttNynH
                                                                                                                                                                                    MD5:149DBFEB76B9F8F6B7DDDE1EAAC61118
                                                                                                                                                                                    SHA1:747DB9BF10E9231DEB2CB2619C5ECF89B7DB6232
                                                                                                                                                                                    SHA-256:1CEBFDD7C65B99DC6EE477BFAD9F236940EAA8C0383A90A68EE467D32411C01F
                                                                                                                                                                                    SHA-512:92BF3BF0A7E41CB06958E4AC23665E324A3220BFD49C2FAA366C9DD37E39F95770559F75285B38E3F15B0C8D5829D8BBBD7EA4ACD9F31A2CCBB53A428DA34FB4
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):620032
                                                                                                                                                                                    Entropy (8bit):6.1916778134841906
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:12288:qTlIttemLwKXcuFdcj7fUoPHlttNynEGyEC:q5w/cuFdcj7fUoPHlttNynH
                                                                                                                                                                                    MD5:149DBFEB76B9F8F6B7DDDE1EAAC61118
                                                                                                                                                                                    SHA1:747DB9BF10E9231DEB2CB2619C5ECF89B7DB6232
                                                                                                                                                                                    SHA-256:1CEBFDD7C65B99DC6EE477BFAD9F236940EAA8C0383A90A68EE467D32411C01F
                                                                                                                                                                                    SHA-512:92BF3BF0A7E41CB06958E4AC23665E324A3220BFD49C2FAA366C9DD37E39F95770559F75285B38E3F15B0C8D5829D8BBBD7EA4ACD9F31A2CCBB53A428DA34FB4
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):4523976
                                                                                                                                                                                    Entropy (8bit):6.435919894293302
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:98304:Grk4ZPyKFv2bwgdGGtudvURuHRMXIwzXT:GrjZKKFehdGGt5XlXT
                                                                                                                                                                                    MD5:19E6D310C1BD0578D468A888D3EC0E3D
                                                                                                                                                                                    SHA1:32561AD9B89DC9E9A086569780890AD10337E698
                                                                                                                                                                                    SHA-256:F4609EC3BBCC74ED9257E3440EC15ADF3061F7162A89E4E9A370E1C2273370A1
                                                                                                                                                                                    SHA-512:4A8332C22A40A170EA83FC8CFD5B8A0ED0DF1D59FD22EBE10088BA0BE78CC0E91A537D7085549A4D06204CBE77E83154A812DAED885C25AA4B4CB4ACA5B9CC85
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):134656
                                                                                                                                                                                    Entropy (8bit):6.0017332542566715
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072://ZCM+lst/TPZa4TjDY/r06trJhQAjkYe1K6SXxKpjAjfMG://ZCplst/TPnY/rxt6A4Ye1KbXYpEjf
                                                                                                                                                                                    MD5:F20FD2E2AC9058A9FD227172F8FF2C12
                                                                                                                                                                                    SHA1:89EBA891352BE46581B94A17DB7C2EDE9A39AB01
                                                                                                                                                                                    SHA-256:20BDE8E50E42F7AABF59106EEA238FCC0DECE0C6E362C0A7FEEB004AB981DB8A
                                                                                                                                                                                    SHA-512:42A86FA192AEA7ADB4283DC48A323A4F687DAD40060EA3FFDDCD8FD7670BB535D31A7764706E5C5473DA28399FEC048AE714A111EE238BB25E1AAD03E12078D4
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):29640
                                                                                                                                                                                    Entropy (8bit):6.24629892386138
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:768:g2YyAU1265whJBHqgORWZI57GZYiSyvwhT:v86Gh/KgORWZI57GZ7Syo
                                                                                                                                                                                    MD5:196C4D2F8BDC9E9D2DBCCE866050684C
                                                                                                                                                                                    SHA1:1166C85C761D8188C45D9CC7441ABFE8A7071132
                                                                                                                                                                                    SHA-256:CD31F9F557D57A6909186940EAFE483C37DE9A7251E604644A747C7EC26B7823
                                                                                                                                                                                    SHA-512:CB9A02530721482F0FF912CA65DAE94F6930676E2390CB5523F99452174622D7E2E70CAFAF46E053F0C3DFC314EDC8C2F4FD3BC7EA888BE81E83FF40D3A30E78
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):1122248
                                                                                                                                                                                    Entropy (8bit):5.37506480885596
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:12288:CezMmuZ63NhQCb5Pfhnzr0ql8L8kkM7IRG5eeme6VZyrIBHdQLhfFE+uoUT:CezuiZV0m88MMREtV6Vo4uYoUT
                                                                                                                                                                                    MD5:684AE6992F55AD6C64588367E42F44F7
                                                                                                                                                                                    SHA1:66D8868286924ADA60966A620DFFE87B2C978711
                                                                                                                                                                                    SHA-256:91834E28CC0ACBD966DC6D323B95113E0050301B7CD6CD4ABE43390F2BBDDB34
                                                                                                                                                                                    SHA-512:70453EE98CBF6365AA7A326520CDAD438D6A1D6F463DA6180CB5E20708647951831D232B577BE50A16825912A9E40386C64A9987E3265FC870CDDD918B31614C
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):133632
                                                                                                                                                                                    Entropy (8bit):5.851469350935171
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:3072:pI+kHubb2wCc8Rd0BvDAQolRVFhLaNKPNyymA4FZ5dorG0e:ShObbac8Rd0BUlRVlPNynFZ57
                                                                                                                                                                                    MD5:05E4B3B876E5FA6A2B8951F764559623
                                                                                                                                                                                    SHA1:4AD50F70EEF4FEAA9D051C2F161FBAC8A862A4BC
                                                                                                                                                                                    SHA-256:A52F8BD28B5B9558CDE10333CE452A7D6F338CE1005A2B8451755005868E4A98
                                                                                                                                                                                    SHA-512:5648306AF7C056C9250731B7D5A508664294BBB8BA865F9DC06FD7216ADF7B8CC31B1CFBC0175C7F2752680744F6546A1959E7F7D1EC7A8A845F75642CE034D9
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    Process:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                    Size (bytes):28672
                                                                                                                                                                                    Entropy (8bit):5.566183037243278
                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                    SSDEEP:768:pu2z3oHKLNA/jhfWddbcrsdcBi60k/MwJba:pXkHkNA/jhfWddbcBBi60k/MwJba
                                                                                                                                                                                    MD5:E4C515DF1FEDF6BC59E7FED6AB194E00
                                                                                                                                                                                    SHA1:B26384AEC2EE25EE59CD45FB77AC04A3FB46A80F
                                                                                                                                                                                    SHA-256:E469C3E9A6836CE38DEA05854D27CAA33EB766882527F73F60E3E2254BADC51B
                                                                                                                                                                                    SHA-512:123D16456B86C406F23C366349DF5785D9CC793ADBBBB7CF50B64B318C16F5FE703B600A3C67A979319BC779049F786F4AD675C22B1973FA712C6623695E7EF7
                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                    File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                    Entropy (8bit):7.991122285185765
                                                                                                                                                                                    TrID:
                                                                                                                                                                                    • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                                                                                    • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                                    • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                    File name:datasett.exe
                                                                                                                                                                                    File size:11'185'705 bytes
                                                                                                                                                                                    MD5:3a90d6fa7c4cccd6ec03eb0667807b5b
                                                                                                                                                                                    SHA1:3c88e16a010d5b464be251107bfb17de08daa445
                                                                                                                                                                                    SHA256:339b04f57ff45915e7eb52ec9dca9bc85375a13028ade3d310a357fb79c4e5b0
                                                                                                                                                                                    SHA512:2c3cb4f8ce17fb304313d6a6cd7c2ad8bceb5a0a4fcd533d0b33ab012d1b5d02ecb7ba82f2eebe821206bf77e33180f131f35624aae3e071a70bb10a2d59aa07
                                                                                                                                                                                    SSDEEP:196608:l2aeDhL2Vmd6+DdfpJVAzDaku9QmEQxzKEp042pOUJ1MiRQXu9oZCP0U2fK7/j:PuhL2Vmd6mfJVAzDakhrQZhp042EAGXI
                                                                                                                                                                                    TLSH:0EB63348369008A2F4A71036CD61D532D57EB41DB687C9FF86B196A00F67AF3E877B60
                                                                                                                                                                                    Icon Hash:0f338dd65663330f
                                                                                                                                                                                    Entrypoint:0x14000b310
                                                                                                                                                                                    Entrypoint Section:.text
                                                                                                                                                                                    Digitally signed:false
                                                                                                                                                                                    Imagebase:0x140000000
                                                                                                                                                                                    Subsystem:windows gui
                                                                                                                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                    DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                                    Time Stamp:0x66411729 [Sun May 12 19:23:21 2024 UTC]
                                                                                                                                                                                    TLS Callbacks:
                                                                                                                                                                                    CLR (.Net) Version:
                                                                                                                                                                                    OS Version Major:5
                                                                                                                                                                                    OS Version Minor:2
                                                                                                                                                                                    File Version Major:5
                                                                                                                                                                                    File Version Minor:2
                                                                                                                                                                                    Subsystem Version Major:5
                                                                                                                                                                                    Subsystem Version Minor:2
                                                                                                                                                                                    Import Hash:0b5552dccd9d0a834cea55c0c8fc05be
                                                                                                                                                                                    Instruction
                                                                                                                                                                                    dec eax
                                                                                                                                                                                    sub esp, 20h
                                                                                                                                                                                    cmp byte ptr [000411BCh], 00000000h
                                                                                                                                                                                    mov ebx, ecx
                                                                                                                                                                                    jne 00007FF74518E6C9h
                                                                                                                                                                                    cmp ecx, 01h
                                                                                                                                                                                    jnbe 00007FF74518E6CCh
                                                                                                                                                                                    call 00007FF74518EDAAh
                                                                                                                                                                                    test eax, eax
                                                                                                                                                                                    je 00007FF74518E68Ah
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3bd0c | 0x78 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x52000 | 0x11228 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x4e000 | 0x20c4 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x64000 | 0x758 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x39480 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x39340 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2a000 | 0x418 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x28800 | 0x28800 | 443d51fb84559b563832949912f06b00 | False | 0.5583465952932098 | data | 6.488023200564254 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x2a000 | 0x12b16 | 0x12c00 | c03e344b6f216f4bba5aafc8b12c08c3 | False | 0.5154817708333334 | data | 5.824669117167863 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3d000 | 0x103f8 | 0xe00 | afabb66fdcd2825de5909f10c900fca7 | False | 0.13309151785714285 | DOS executable (block device driver \377\3) | 1.8096886543499544 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x4e000 | 0x20c4 | 0x2200 | 7b210ceebebc00c96d1c55c2b456bbb4 | False | 0.47794117647058826 | data | 5.274096406482418 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA | 0x51000 | 0x15c | 0x200 | c059b775abce97446903f3597b027fae | False | 0.384765625 | data | 2.808567494642619 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x52000 | 0x11228 | 0x11400 | 79a551190dcc027e614e45a9fffaf10d | False | 0.20028023097826086 | data | 3.223763623407736 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x64000 | 0x758 | 0x800 | 11aaafc72361ec8886a740c3e209ceb3 | False | 0.544921875 | data | 5.2576643703968475 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x52130 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 60472 x 60472 px/m | | | 0.19016917070862416
RT_GROUP_ICON | 0x62958 | 0x14 | data | | | 1.15
RT_VERSION | 0x6296c | 0x2e4 | data | | | 0.45675675675675675
RT_MANIFEST | 0x62c50 | 0x5d7 | XML 1.0 document, ASCII text, with CRLF line terminators | | | 0.45217391304347826

DLL | Import
USER32.dll | CreateWindowExW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW
COMCTL32.dll |
KERNEL32.dll | GetStringTypeW, GetFileAttributesExW, HeapReAlloc, FlushFileBuffers, GetCurrentDirectoryW, IsValidCodePage, GetACP, GetModuleHandleW, MulDiv, GetLastError, SetDllDirectoryW, GetModuleFileNameW, GetProcAddress, GetCommandLineW, GetEnvironmentVariableW, GetOEMCP, ExpandEnvironmentStringsW, CreateDirectoryW, GetTempPathW, WaitForSingleObject, Sleep, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LoadLibraryExW, SetConsoleCtrlHandler, FindClose, FindFirstFileExW, CloseHandle, GetCurrentProcess, LocalFree, FormatMessageW, MultiByteToWideChar, WideCharToMultiByte, GetCPInfo, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, WriteConsoleW, SetEnvironmentVariableW, RtlUnwindEx, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, SetEndOfFile, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, CreateFileW, GetDriveTypeW, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, GetFullPathNameW, RemoveDirectoryW, FindNextFileW, SetStdHandle, DeleteFileW, ReadFile, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW
ADVAPI32.dll | OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW
GDI32.dll | SelectObject, DeleteObject, CreateFontIndirectW

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 24, 2024 16:47:01.285064936 CET | 49731 | 443 | 192.168.2.4 | 104.26.3.46
Dec 24, 2024 16:47:01.285152912 CET | 443 | 49731 | 104.26.3.46 | 192.168.2.4
Dec 24, 2024 16:47:01.285264015 CET | 49731 | 443 | 192.168.2.4 | 104.26.3.46
Dec 24, 2024 16:47:01.299833059 CET | 49731 | 443 | 192.168.2.4 | 104.26.3.46
Dec 24, 2024 16:47:01.299905062 CET | 443 | 49731 | 104.26.3.46 | 192.168.2.4
Dec 24, 2024 16:47:02.537151098 CET | 443 | 49731 | 104.26.3.46 | 192.168.2.4
Dec 24, 2024 16:47:02.537796974 CET | 49731 | 443 | 192.168.2.4 | 104.26.3.46
Dec 24, 2024 16:47:02.537859917 CET | 443 | 49731 | 104.26.3.46 | 192.168.2.4
Dec 24, 2024 16:47:02.539015055 CET | 443 | 49731 | 104.26.3.46 | 192.168.2.4
Dec 24, 2024 16:47:02.539084911 CET | 49731 | 443 | 192.168.2.4 | 104.26.3.46
Dec 24, 2024 16:47:02.539706945 CET | 49731 | 443 | 192.168.2.4 | 104.26.3.46
Dec 24, 2024 16:47:02.539838076 CET | 443 | 49731 | 104.26.3.46 | 192.168.2.4
Dec 24, 2024 16:47:02.539874077 CET | 49731 | 443 | 192.168.2.4 | 104.26.3.46
Dec 24, 2024 16:47:02.539911032 CET | 49731 | 443 | 192.168.2.4 | 104.26.3.46

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 24, 2024 16:47:00.823235035 CET | 57914 | 53 | 192.168.2.4 | 1.1.1.1
Dec 24, 2024 16:47:01.279517889 CET | 53 | 57914 | 1.1.1.1 | 192.168.2.4

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 24, 2024 16:47:00.823235035 CET | 192.168.2.4 | 1.1.1.1 | 0xe1d | Standard query (0) | iplogger.org | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 24, 2024 16:47:01.279517889 CET | 1.1.1.1 | 192.168.2.4 | 0xe1d | No error (0) | iplogger.org | | 104.26.3.46 | A (IP address) | IN (0x0001) | false
Dec 24, 2024 16:47:01.279517889 CET | 1.1.1.1 | 192.168.2.4 | 0xe1d | No error (0) | iplogger.org | | 104.26.2.46 | A (IP address) | IN (0x0001) | false
Dec 24, 2024 16:47:01.279517889 CET | 1.1.1.1 | 192.168.2.4 | 0xe1d | No error (0) | iplogger.org | | 172.67.74.161 | A (IP address) | IN (0x0001) | false

                                                                                                                                                                                    Target ID:0
                                                                                                                                                                                    Start time:10:46:56
                                                                                                                                                                                    Start date:24/12/2024
                                                                                                                                                                                    Path:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                    Commandline:"C:\Users\user\Desktop\datasett.exe"
                                                                                                                                                                                    Imagebase:0x7ff799670000
                                                                                                                                                                                    File size:11'185'705 bytes
                                                                                                                                                                                    MD5 hash:3A90D6FA7C4CCCD6EC03EB0667807B5B
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                    Target ID:1
                                                                                                                                                                                    Start time:10:46:58
                                                                                                                                                                                    Start date:24/12/2024
                                                                                                                                                                                    Path:C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                    Commandline:"C:\Users\user\Desktop\datasett.exe"
                                                                                                                                                                                    Imagebase:0x7ff799670000
                                                                                                                                                                                    File size:11'185'705 bytes
                                                                                                                                                                                    MD5 hash:3A90D6FA7C4CCCD6EC03EB0667807B5B
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                    Target ID:2
                                                                                                                                                                                    Start time:10:47:01
                                                                                                                                                                                    Start date:24/12/2024
                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /c schtasks /create /sc MINUTE /mo 15 /tn "VirboUpd" /tr "C:\Users\user\Desktop\datasett.exe" /f
                                                                                                                                                                                    Imagebase:0x7ff6fb660000
                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                    Has exited:true

Target ID:3
Start time:10:47:01
Start date:24/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:4
Start time:10:47:01
Start date:24/12/2024
Path:C:\Windows\System32\schtasks.exe
Wow64 process (32bit):false
Commandline:schtasks /create /sc MINUTE /mo 15 /tn "VirboUpd" /tr "C:\Users\user\Desktop\datasett.exe" /f
Imagebase:0x7ff76f990000
File size:235'008 bytes
MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:5
Start time:10:47:01
Start date:24/12/2024
Path:C:\Users\user\Desktop\datasett.exe
Wow64 process (32bit):false
Commandline:C:\Users\user\Desktop\datasett.exe
Imagebase:0x7ff799670000
File size:11'185'705 bytes
MD5 hash:3A90D6FA7C4CCCD6EC03EB0667807B5B
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:6
Start time:10:47:04
Start date:24/12/2024
Path:C:\Users\user\Desktop\datasett.exe
Wow64 process (32bit):false
Commandline:C:\Users\user\Desktop\datasett.exe
Imagebase:0x7ff799670000
File size:11'185'705 bytes
MD5 hash:3A90D6FA7C4CCCD6EC03EB0667807B5B
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:low
Has exited:true


Execution Graph

Execution Coverage:10.7%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:16.3%
Total number of Nodes:2000
Total number of Limit Nodes:25
Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18223 7ff7996880bd 18222->18223 18224 7ff799689e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18223->18224 18224->18214 18226 7ff799688447 18225->18226 18231 7ff79968845e 18225->18231 18226->17881 18227 7ff79968e7f0 MultiByteToWideChar _fread_nolock 18227->18231 18228 7ff79968dd40 _wfindfirst32i64 11 API calls 18228->18231 18229 7ff7996884d2 18230 7ff799689e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18229->18230 18230->18226 18231->18226 18231->18227 18231->18228 18231->18229 18232 7ff799689e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18231->18232 18232->18231 18234 7ff799688082 18233->18234 18237 7ff799691ba0 18233->18237 18234->18217 18234->18218 18235 7ff79968cacc _fread_nolock 12 API calls 18236 7ff799691bd7 memcpy_s 18235->18236 18238 7ff799689e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18236->18238 18237->18235 18239 7ff799691bf7 FreeEnvironmentStringsW 18238->18239 18239->18234 18241 7ff79968820c 18240->18241 18242 7ff79968dd40 _wfindfirst32i64 11 API calls 18241->18242 18254 7ff799688247 18242->18254 18243 7ff79968824f 18244 7ff799689e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18243->18244 18245 7ff79968809e 18244->18245 18245->18222 18246 7ff7996882c9 18247 7ff799689e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18246->18247 18247->18245 18248 7ff79968dd40 _wfindfirst32i64 11 API calls 18248->18254 18249 7ff7996882b8 18250 7ff799688300 11 API calls 18249->18250 18252 7ff7996882c0 18250->18252 18251 7ff79968f924 _wfindfirst32i64 37 API calls 18251->18254 18253 7ff799689e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18252->18253 18253->18243 18254->18243 18254->18246 18254->18248 18254->18249 18254->18251 18255 7ff7996882ec 18254->18255 18257 7ff799689e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18254->18257 18256 7ff799689dd0 
_wfindfirst32i64 17 API calls 18255->18256 18258 7ff7996882fe 18256->18258 18257->18254 18261 7ff799697f6d __crtLCMapStringW 18259->18261 18260 7ff79969646e 18260->17904 18260->17905 18261->18260 18262 7ff79968e010 6 API calls 18261->18262 18262->18260 18341 7ff799684290 18342 7ff79968429b 18341->18342 18350 7ff79968e354 18342->18350 18363 7ff79968f788 EnterCriticalSection 18350->18363 18927 7ff7996996f9 18928 7ff799699708 18927->18928 18930 7ff799699712 18927->18930 18931 7ff79968f7e8 LeaveCriticalSection 18928->18931 18959 7ff79968b9f0 18970 7ff79968f788 EnterCriticalSection 18959->18970 18975 7ff7996907f0 18986 7ff799696764 18975->18986 18987 7ff799696771 18986->18987 18988 7ff799689e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18987->18988 18989 7ff79969678d 18987->18989 18988->18987 18990 7ff799689e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18989->18990 18991 7ff7996907f9 18989->18991 18990->18989 18992 7ff79968f788 EnterCriticalSection 18991->18992 18318 7ff79967a370 18319 7ff79967a39e 18318->18319 18320 7ff79967a385 18318->18320 18320->18319 18322 7ff79968cacc 12 API calls 18320->18322 18321 7ff79967a3fc 18322->18321 18472 7ff799699664 18475 7ff7996842f8 LeaveCriticalSection 18472->18475 18263 7ff79968e8dc 18264 7ff79968eace 18263->18264 18266 7ff79968e91e _isindst 18263->18266 18265 7ff799684444 _wfindfirst32i64 11 API calls 18264->18265 18283 7ff79968eabe 18265->18283 18266->18264 18269 7ff79968e99e _isindst 18266->18269 18267 7ff79967ad80 _wfindfirst32i64 8 API calls 18268 7ff79968eae9 18267->18268 18284 7ff7996953b4 18269->18284 18274 7ff79968eafa 18276 7ff799689dd0 _wfindfirst32i64 17 API calls 18274->18276 18278 7ff79968eb0e 18276->18278 18281 7ff79968e9fb 18281->18283 18309 7ff7996953f8 18281->18309 18283->18267 18285 7ff79968e9bc 18284->18285 18286 7ff7996953c3 18284->18286 18291 7ff7996947b8 18285->18291 18316 7ff79968f788 EnterCriticalSection 18286->18316 18292 7ff7996947c1 18291->18292 18293 7ff79968e9d1 
18291->18293 18294 7ff799684444 _wfindfirst32i64 11 API calls 18292->18294 18293->18274 18297 7ff7996947e8 18293->18297 18295 7ff7996947c6 18294->18295 18296 7ff799689db0 _invalid_parameter_noinfo 37 API calls 18295->18296 18296->18293 18298 7ff7996947f1 18297->18298 18299 7ff79968e9e2 18297->18299 18300 7ff799684444 _wfindfirst32i64 11 API calls 18298->18300 18299->18274 18303 7ff799694818 18299->18303 18301 7ff7996947f6 18300->18301 18302 7ff799689db0 _invalid_parameter_noinfo 37 API calls 18301->18302 18302->18299 18304 7ff799694821 18303->18304 18305 7ff79968e9f3 18303->18305 18306 7ff799684444 _wfindfirst32i64 11 API calls 18304->18306 18305->18274 18305->18281 18307 7ff799694826 18306->18307 18308 7ff799689db0 _invalid_parameter_noinfo 37 API calls 18307->18308 18308->18305 18317 7ff79968f788 EnterCriticalSection 18309->18317 18993 7ff7996994de 18994 7ff7996994ee 18993->18994 18997 7ff7996842f8 LeaveCriticalSection 18994->18997 18736 7ff799688a50 18739 7ff7996889d0 18736->18739 18746 7ff79968f788 EnterCriticalSection 18739->18746 19145 7ff79967b0b0 19146 7ff79967b0c0 19145->19146 19162 7ff79968579c 19146->19162 19148 7ff79967b0cc 19168 7ff79967b3b8 19148->19168 19150 7ff79967b69c 7 API calls 19151 7ff79967b165 19150->19151 19152 7ff79967b0e4 _RTC_Initialize 19160 7ff79967b139 19152->19160 19173 7ff79967b568 19152->19173 19154 7ff79967b0f9 19176 7ff799687e6c 19154->19176 19160->19150 19161 7ff79967b155 19160->19161 19163 7ff7996857ad 19162->19163 19164 7ff7996857b5 19163->19164 19165 7ff799684444 _wfindfirst32i64 11 API calls 19163->19165 19164->19148 19166 7ff7996857c4 19165->19166 19167 7ff799689db0 _invalid_parameter_noinfo 37 API calls 19166->19167 19167->19164 19169 7ff79967b3c9 19168->19169 19172 7ff79967b3ce __scrt_release_startup_lock 19168->19172 19170 7ff79967b69c 7 API calls 19169->19170 19169->19172 19171 7ff79967b442 19170->19171 19172->19152 19201 7ff79967b52c 19173->19201 19175 7ff79967b571 19175->19154 19177 7ff799687e8c 19176->19177 19199 
7ff79967b105 19176->19199 19178 7ff799687eaa GetModuleFileNameW 19177->19178 19179 7ff799687e94 19177->19179 19183 7ff799687ed5 19178->19183 19180 7ff799684444 _wfindfirst32i64 11 API calls 19179->19180 19181 7ff799687e99 19180->19181 19182 7ff799689db0 _invalid_parameter_noinfo 37 API calls 19181->19182 19182->19199 19184 7ff799687e0c 11 API calls 19183->19184 19185 7ff799687f15 19184->19185 19186 7ff799687f1d 19185->19186 19190 7ff799687f35 19185->19190 19187 7ff799684444 _wfindfirst32i64 11 API calls 19186->19187 19188 7ff799687f22 19187->19188 19189 7ff799689e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19188->19189 19189->19199 19191 7ff799687f57 19190->19191 19193 7ff799687f9c 19190->19193 19194 7ff799687f83 19190->19194 19192 7ff799689e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19191->19192 19192->19199 19197 7ff799689e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19193->19197 19195 7ff799689e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19194->19195 19196 7ff799687f8c 19195->19196 19198 7ff799689e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19196->19198 19197->19191 19198->19199 19199->19160 19200 7ff79967b63c InitializeSListHead 19199->19200 19202 7ff79967b546 19201->19202 19204 7ff79967b53f 19201->19204 19205 7ff799688eec 19202->19205 19204->19175 19208 7ff799688b28 19205->19208 19215 7ff79968f788 EnterCriticalSection 19208->19215 19216 7ff79968a4a0 19217 7ff79968a4a5 19216->19217 19221 7ff79968a4ba 19216->19221 19222 7ff79968a4c0 19217->19222 19223 7ff79968a502 19222->19223 19224 7ff79968a50a 19222->19224 19225 7ff799689e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19223->19225 19226 7ff799689e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19224->19226 19225->19224 19227 7ff79968a517 19226->19227 19228 7ff799689e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19227->19228 19229 7ff79968a524 
19228->19229 19230 7ff799689e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19229->19230 19231 7ff79968a531 19230->19231 19232 7ff799689e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19231->19232 19233 7ff79968a53e 19232->19233 19234 7ff799689e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19233->19234 19235 7ff79968a54b 19234->19235 19236 7ff799689e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19235->19236 19237 7ff79968a558 19236->19237 19238 7ff799689e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19237->19238 19239 7ff79968a565 19238->19239 19240 7ff799689e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19239->19240 19241 7ff79968a575 19240->19241 19242 7ff799689e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19241->19242 19243 7ff79968a585 19242->19243 19248 7ff79968a364 19243->19248 19262 7ff79968f788 EnterCriticalSection 19248->19262 14698 7ff79967b19c 14719 7ff79967b36c 14698->14719 14701 7ff79967b2e8 14821 7ff79967b69c IsProcessorFeaturePresent 14701->14821 14702 7ff79967b1b8 __scrt_acquire_startup_lock 14704 7ff79967b2f2 14702->14704 14711 7ff79967b1d6 __scrt_release_startup_lock 14702->14711 14705 7ff79967b69c 7 API calls 14704->14705 14707 7ff79967b2fd __FrameHandler3::FrameUnwindToEmptyState 14705->14707 14706 7ff79967b1fb 14708 7ff79967b281 14725 7ff79967b7e8 14708->14725 14710 7ff79967b286 14728 7ff799671000 14710->14728 14711->14706 14711->14708 14810 7ff799688984 14711->14810 14717 7ff79967b2a9 14717->14707 14817 7ff79967b500 14717->14817 14828 7ff79967b96c 14719->14828 14722 7ff79967b39b __scrt_initialize_crt 14724 7ff79967b1b0 14722->14724 14830 7ff79967cac8 14722->14830 14724->14701 14724->14702 14857 7ff79967c210 14725->14857 14727 7ff79967b7ff GetStartupInfoW 14727->14710 14729 7ff79967100b 14728->14729 14859 7ff799677600 14729->14859 14731 7ff79967101d 14866 7ff799684f14 14731->14866 14733 7ff79967367b 14873 
7ff799671af0 14733->14873 14739 7ff799673699 14802 7ff79967379a 14739->14802 14889 7ff799673b20 14739->14889 14741 7ff7996736cb 14741->14802 14892 7ff799676990 14741->14892 14743 7ff7996736e7 14744 7ff799673733 14743->14744 14745 7ff799676990 61 API calls 14743->14745 14907 7ff799676f90 14744->14907 14751 7ff799673708 __vcrt_freefls 14745->14751 14747 7ff799673748 14911 7ff7996719d0 14747->14911 14750 7ff79967383d 14753 7ff799673868 14750->14753 15025 7ff799673280 14750->15025 14751->14744 14755 7ff799676f90 58 API calls 14751->14755 14752 7ff7996719d0 121 API calls 14754 7ff79967377e 14752->14754 14764 7ff7996738ab 14753->14764 14922 7ff799677a30 14753->14922 14759 7ff799673782 14754->14759 14760 7ff7996737c0 14754->14760 14755->14744 14758 7ff799673888 14761 7ff79967388d 14758->14761 14762 7ff79967389e SetDllDirectoryW 14758->14762 14980 7ff799672770 14759->14980 14760->14750 15002 7ff799673cb0 14760->15002 14765 7ff799672770 59 API calls 14761->14765 14762->14764 14936 7ff799675e40 14764->14936 14765->14802 14770 7ff799673906 14778 7ff7996739c6 14770->14778 14784 7ff799673919 14770->14784 14771 7ff7996737e2 14775 7ff799672770 59 API calls 14771->14775 14774 7ff799673810 14774->14750 14777 7ff799673815 14774->14777 14775->14802 14776 7ff7996738c8 14776->14770 15039 7ff799675640 14776->15039 15021 7ff79967f2ac 14777->15021 14940 7ff799673110 14778->14940 14793 7ff799673965 14784->14793 15139 7ff799671b30 14784->15139 14785 7ff7996738dd 15059 7ff7996755d0 14785->15059 14786 7ff7996738fc 15133 7ff799675890 14786->15133 14791 7ff7996738e7 14791->14786 14794 7ff7996738eb 14791->14794 14792 7ff7996739fb 14795 7ff799676990 61 API calls 14792->14795 14793->14802 15143 7ff7996730b0 14793->15143 15127 7ff799675c90 14794->15127 14800 7ff799673a07 14795->14800 14798 7ff7996739a1 14801 7ff799675890 FreeLibrary 14798->14801 14800->14802 14957 7ff799676fd0 14800->14957 14801->14802 14993 7ff79967ad80 14802->14993 14811 7ff79968899b 14810->14811 14812 7ff7996889bc 14810->14812 
14811->14708 17640 7ff7996890d8 14812->17640 14815 7ff79967b82c GetModuleHandleW 14816 7ff79967b83d 14815->14816 14816->14717 14818 7ff79967b511 14817->14818 14819 7ff79967b2c0 14818->14819 14820 7ff79967cac8 __scrt_initialize_crt 7 API calls 14818->14820 14819->14706 14820->14819 14822 7ff79967b6c2 _wfindfirst32i64 __scrt_get_show_window_mode 14821->14822 14823 7ff79967b6e1 RtlCaptureContext RtlLookupFunctionEntry 14822->14823 14824 7ff79967b70a RtlVirtualUnwind 14823->14824 14825 7ff79967b746 __scrt_get_show_window_mode 14823->14825 14824->14825 14826 7ff79967b778 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 14825->14826 14827 7ff79967b7ca _wfindfirst32i64 14826->14827 14827->14704 14829 7ff79967b38e __scrt_dllmain_crt_thread_attach 14828->14829 14829->14722 14829->14724 14831 7ff79967cada 14830->14831 14832 7ff79967cad0 14830->14832 14831->14724 14836 7ff79967ce44 14832->14836 14837 7ff79967ce53 14836->14837 14838 7ff79967cad5 14836->14838 14844 7ff79967d080 14837->14844 14840 7ff79967ceb0 14838->14840 14841 7ff79967cedb 14840->14841 14842 7ff79967cebe DeleteCriticalSection 14841->14842 14843 7ff79967cedf 14841->14843 14842->14841 14843->14831 14848 7ff79967cee8 14844->14848 14849 7ff79967d002 TlsFree 14848->14849 14854 7ff79967cf2c __vcrt_InitializeCriticalSectionEx 14848->14854 14850 7ff79967cf5a LoadLibraryExW 14852 7ff79967cf7b GetLastError 14850->14852 14853 7ff79967cfd1 14850->14853 14851 7ff79967cff1 GetProcAddress 14851->14849 14852->14854 14853->14851 14855 7ff79967cfe8 FreeLibrary 14853->14855 14854->14849 14854->14850 14854->14851 14856 7ff79967cf9d LoadLibraryExW 14854->14856 14855->14851 14856->14853 14856->14854 14858 7ff79967c1f0 14857->14858 14858->14727 14858->14858 14862 7ff79967761f 14859->14862 14860 7ff799677627 __vcrt_freefls 14860->14731 14861 7ff799677670 WideCharToMultiByte 14861->14862 14865 7ff799677718 14861->14865 14862->14860 14862->14861 14864 7ff7996776c6 WideCharToMultiByte 14862->14864 14862->14865 
14864->14862 14864->14865 15198 7ff799672620 14865->15198 14867 7ff79968ec40 14866->14867 14869 7ff79968ece6 14867->14869 14870 7ff79968ec93 14867->14870 14868 7ff799689ce4 _invalid_parameter_noinfo 37 API calls 14872 7ff79968ecbc 14868->14872 15703 7ff79968eb18 14869->15703 14870->14868 14872->14733 14874 7ff799671b05 14873->14874 14876 7ff799671b20 14874->14876 15711 7ff7996724d0 14874->15711 14876->14802 14877 7ff799673ba0 14876->14877 14878 7ff79967adb0 14877->14878 14879 7ff799673bac GetModuleFileNameW 14878->14879 14880 7ff799673bdb 14879->14880 14881 7ff799673bf2 14879->14881 14882 7ff799672620 57 API calls 14880->14882 15751 7ff799677b40 14881->15751 14887 7ff799673bee 14882->14887 14885 7ff799672770 59 API calls 14885->14887 14886 7ff79967ad80 _wfindfirst32i64 8 API calls 14888 7ff799673c2f 14886->14888 14887->14886 14888->14739 14890 7ff799671b30 49 API calls 14889->14890 14891 7ff799673b3d 14890->14891 14891->14741 14893 7ff79967699a 14892->14893 14894 7ff799677a30 57 API calls 14893->14894 14895 7ff7996769bc GetEnvironmentVariableW 14894->14895 14896 7ff799676a26 14895->14896 14897 7ff7996769d4 ExpandEnvironmentStringsW 14895->14897 14899 7ff79967ad80 _wfindfirst32i64 8 API calls 14896->14899 14898 7ff799677b40 59 API calls 14897->14898 14900 7ff7996769fc 14898->14900 14901 7ff799676a38 14899->14901 14900->14896 14902 7ff799676a06 14900->14902 14901->14743 15762 7ff79968910c 14902->15762 14905 7ff79967ad80 _wfindfirst32i64 8 API calls 14906 7ff799676a1e 14905->14906 14906->14743 14908 7ff799677a30 57 API calls 14907->14908 14909 7ff799676fa7 SetEnvironmentVariableW 14908->14909 14910 7ff799676fbf __vcrt_freefls 14909->14910 14910->14747 14912 7ff799671b30 49 API calls 14911->14912 14913 7ff799671a00 14912->14913 14914 7ff799671b30 49 API calls 14913->14914 14920 7ff799671a7a 14913->14920 14915 7ff799671a22 14914->14915 14916 7ff799673b20 49 API calls 14915->14916 14915->14920 14917 7ff799671a3b 14916->14917 15769 7ff7996717b0 14917->15769 14920->14750 
14920->14752 14921 7ff79967f2ac 74 API calls 14921->14920 14923 7ff799677ad7 MultiByteToWideChar 14922->14923 14924 7ff799677a51 MultiByteToWideChar 14922->14924 14925 7ff799677afa 14923->14925 14926 7ff799677b1f 14923->14926 14927 7ff799677a77 14924->14927 14928 7ff799677a9c 14924->14928 14929 7ff799672620 55 API calls 14925->14929 14926->14758 14930 7ff799672620 55 API calls 14927->14930 14928->14923 14933 7ff799677ab2 14928->14933 14932 7ff799677b0d 14929->14932 14931 7ff799677a8a 14930->14931 14931->14758 14932->14758 14934 7ff799672620 55 API calls 14933->14934 14935 7ff799677ac5 14934->14935 14935->14758 14937 7ff799675e55 14936->14937 14938 7ff7996738b0 14937->14938 14939 7ff7996724d0 59 API calls 14937->14939 14938->14770 15029 7ff799675ae0 14938->15029 14939->14938 14941 7ff7996731c4 14940->14941 14947 7ff799673183 14940->14947 14942 7ff799673203 14941->14942 14943 7ff799671ab0 74 API calls 14941->14943 14944 7ff79967ad80 _wfindfirst32i64 8 API calls 14942->14944 14943->14941 14945 7ff799673215 14944->14945 14945->14802 14950 7ff799676f20 14945->14950 14947->14941 15842 7ff799671440 14947->15842 15876 7ff799672990 14947->15876 15931 7ff799671780 14947->15931 14951 7ff799677a30 57 API calls 14950->14951 14952 7ff799676f3f 14951->14952 14953 7ff799677a30 57 API calls 14952->14953 14954 7ff799676f4f 14953->14954 14955 7ff7996866b4 38 API calls 14954->14955 14956 7ff799676f5d __vcrt_freefls 14955->14956 14956->14792 14958 7ff799676fe0 14957->14958 14959 7ff799677a30 57 API calls 14958->14959 14960 7ff799677011 SetConsoleCtrlHandler GetStartupInfoW 14959->14960 14961 7ff799677072 14960->14961 16807 7ff799689184 14961->16807 14981 7ff799672790 14980->14981 14982 7ff799683be4 49 API calls 14981->14982 14983 7ff7996727dd __scrt_get_show_window_mode 14982->14983 14984 7ff799677a30 57 API calls 14983->14984 14985 7ff79967280a 14984->14985 14986 7ff799672849 MessageBoxA 14985->14986 14987 7ff79967280f 14985->14987 14988 7ff799672863 14986->14988 14989 7ff799677a30 57 
API calls 14987->14989 14991 7ff79967ad80 _wfindfirst32i64 8 API calls 14988->14991 14990 7ff799672829 MessageBoxW 14989->14990 14990->14988 14992 7ff799672873 14991->14992 14992->14802 14994 7ff79967ad89 14993->14994 14995 7ff7996737ae 14994->14995 14996 7ff79967ae40 IsProcessorFeaturePresent 14994->14996 14995->14815 14997 7ff79967ae58 14996->14997 16825 7ff79967b034 RtlCaptureContext 14997->16825 15003 7ff799673cbc 15002->15003 15004 7ff799677a30 57 API calls 15003->15004 15005 7ff799673ce7 15004->15005 15006 7ff799677a30 57 API calls 15005->15006 15007 7ff799673cfa 15006->15007 16830 7ff7996854c8 15007->16830 15010 7ff79967ad80 _wfindfirst32i64 8 API calls 15011 7ff7996737da 15010->15011 15011->14771 15012 7ff799677200 15011->15012 15013 7ff799677224 15012->15013 15014 7ff79967f934 73 API calls 15013->15014 15019 7ff7996772fb __vcrt_freefls 15013->15019 15015 7ff79967723e 15014->15015 15015->15019 17209 7ff799687938 15015->17209 15017 7ff79967f934 73 API calls 15020 7ff799677253 15017->15020 15018 7ff79967f5fc _fread_nolock 53 API calls 15018->15020 15019->14774 15020->15017 15020->15018 15020->15019 15022 7ff79967f2dc 15021->15022 17224 7ff79967f088 15022->17224 15024 7ff79967f2f5 15024->14771 15026 7ff799673297 15025->15026 15027 7ff7996732c0 15025->15027 15026->15027 15028 7ff799671780 59 API calls 15026->15028 15027->14753 15028->15026 15030 7ff799675b04 15029->15030 15035 7ff799675b31 15029->15035 15031 7ff799675b2c 15030->15031 15032 7ff799675b27 memcpy_s __vcrt_freefls 15030->15032 15033 7ff799671780 59 API calls 15030->15033 15030->15035 17235 7ff7996712b0 15031->17235 15032->14776 15033->15030 15035->15032 17261 7ff799673d30 15035->17261 15037 7ff799672770 59 API calls 15037->15032 15038 7ff799675b97 15038->15032 15038->15037 15046 7ff79967565a memcpy_s 15039->15046 15041 7ff79967577f 15043 7ff799673d30 49 API calls 15041->15043 15042 7ff79967579b 15044 7ff799672770 59 API calls 15042->15044 15045 7ff7996757f8 15043->15045 15050 7ff799675791 
__vcrt_freefls 15044->15050 15049 7ff799673d30 49 API calls 15045->15049 15046->15041 15046->15042 15047 7ff799673d30 49 API calls 15046->15047 15048 7ff799675760 15046->15048 15056 7ff799671440 161 API calls 15046->15056 15057 7ff799675781 15046->15057 17264 7ff799671650 15046->17264 15047->15046 15048->15041 15051 7ff799673d30 49 API calls 15048->15051 15052 7ff799675828 15049->15052 15053 7ff79967ad80 _wfindfirst32i64 8 API calls 15050->15053 15051->15041 15055 7ff799673d30 49 API calls 15052->15055 15054 7ff7996738d9 15053->15054 15054->14785 15054->14786 15055->15050 15056->15046 15058 7ff799672770 59 API calls 15057->15058 15058->15050 17269 7ff7996771b0 15059->17269 15061 7ff7996755e2 15062 7ff7996771b0 58 API calls 15061->15062 15063 7ff7996755f5 15062->15063 15064 7ff79967561a 15063->15064 15065 7ff79967560d GetProcAddress 15063->15065 15066 7ff799672770 59 API calls 15064->15066 15069 7ff799675f9c GetProcAddress 15065->15069 15070 7ff799675f79 15065->15070 15068 7ff799675626 15066->15068 15068->14791 15069->15070 15071 7ff799675fc1 GetProcAddress 15069->15071 15073 7ff799672620 57 API calls 15070->15073 15071->15070 15072 7ff799675fe6 GetProcAddress 15071->15072 15072->15070 15074 7ff79967600e GetProcAddress 15072->15074 15075 7ff799675f8c 15073->15075 15074->15070 15076 7ff799676036 GetProcAddress 15074->15076 15075->14791 15076->15070 15128 7ff799675cb4 15127->15128 15134 7ff7996758bd 15133->15134 15135 7ff7996758a2 15133->15135 15134->14770 15135->15134 15138 7ff799675980 15135->15138 17273 7ff799677190 FreeLibrary 15135->17273 15138->15134 17274 7ff799677190 FreeLibrary 15138->17274 15140 7ff799671b55 15139->15140 15141 7ff799683be4 49 API calls 15140->15141 15142 7ff799671b78 15141->15142 15142->14793 17275 7ff799674960 15143->17275 15146 7ff7996730fd 15146->14798 15148 7ff7996730d4 15148->15146 17331 7ff7996746e0 15148->17331 15217 7ff79967adb0 15198->15217 15201 7ff799672669 15219 7ff799683be4 15201->15219 15206 7ff799671b30 49 API calls 15207 
7ff7996726c8 __scrt_get_show_window_mode 15206->15207 15208 7ff799677a30 54 API calls 15207->15208 15209 7ff7996726f5 15208->15209 15210 7ff7996726fa 15209->15210 15211 7ff799672734 MessageBoxA 15209->15211 15212 7ff799677a30 54 API calls 15210->15212 15213 7ff79967274e 15211->15213 15214 7ff799672714 MessageBoxW 15212->15214 15215 7ff79967ad80 _wfindfirst32i64 8 API calls 15213->15215 15214->15213 15216 7ff79967275e 15215->15216 15216->14860 15218 7ff79967263c GetLastError 15217->15218 15218->15201 15220 7ff799683c3e 15219->15220 15221 7ff799683c63 15220->15221 15222 7ff799683c9f 15220->15222 15249 7ff799689ce4 15221->15249 15257 7ff799681e70 15222->15257 15225 7ff799683c8d 15228 7ff79967ad80 _wfindfirst32i64 8 API calls 15225->15228 15226 7ff799683d7c 15227 7ff799689e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15226->15227 15227->15225 15230 7ff799672699 15228->15230 15237 7ff7996774b0 15230->15237 15231 7ff799683d51 15271 7ff799689e18 15231->15271 15232 7ff799683da0 15232->15226 15234 7ff799683daa 15232->15234 15233 7ff799683d48 15233->15226 15233->15231 15236 7ff799689e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15234->15236 15236->15225 15238 7ff7996774bc 15237->15238 15239 7ff7996774dd FormatMessageW 15238->15239 15240 7ff7996774d7 GetLastError 15238->15240 15241 7ff79967752c WideCharToMultiByte 15239->15241 15242 7ff799677510 15239->15242 15240->15239 15244 7ff799677566 15241->15244 15245 7ff799677523 15241->15245 15243 7ff799672620 54 API calls 15242->15243 15243->15245 15246 7ff799672620 54 API calls 15244->15246 15247 7ff79967ad80 _wfindfirst32i64 8 API calls 15245->15247 15246->15245 15248 7ff7996726a0 15247->15248 15248->15206 15277 7ff799689a2c 15249->15277 15252 7ff799689d1f 15252->15225 15258 7ff799681eae 15257->15258 15259 7ff799681e9e 15257->15259 15260 7ff799681eb7 15258->15260 15268 7ff799681ee5 15258->15268 15261 7ff799689ce4 _invalid_parameter_noinfo 37 API calls 15259->15261 15262 7ff799689ce4 
_invalid_parameter_noinfo 37 API calls 15260->15262 15263 7ff799681edd 15261->15263 15262->15263 15263->15226 15263->15231 15263->15232 15263->15233 15266 7ff799682194 15267 7ff799689ce4 _invalid_parameter_noinfo 37 API calls 15266->15267 15267->15259 15268->15259 15268->15263 15268->15266 15369 7ff799682800 15268->15369 15395 7ff7996824c8 15268->15395 15425 7ff799681d50 15268->15425 15428 7ff799683a20 15268->15428 15272 7ff799689e4c 15271->15272 15273 7ff799689e1d RtlFreeHeap 15271->15273 15272->15225 15273->15272 15274 7ff799689e38 GetLastError 15273->15274 15275 7ff799689e45 Concurrency::details::SchedulerProxy::DeleteThis 15274->15275 15276 7ff799684444 _wfindfirst32i64 9 API calls 15275->15276 15276->15272 15278 7ff799689a83 15277->15278 15279 7ff799689a48 GetLastError 15277->15279 15278->15252 15283 7ff799689a98 15278->15283 15280 7ff799689a58 15279->15280 15290 7ff79968a860 15280->15290 15284 7ff799689ab4 GetLastError SetLastError 15283->15284 15285 7ff799689acc 15283->15285 15284->15285 15285->15252 15286 7ff799689dd0 IsProcessorFeaturePresent 15285->15286 15287 7ff799689de3 15286->15287 15361 7ff799689ae4 15287->15361 15291 7ff79968a87f FlsGetValue 15290->15291 15292 7ff79968a89a FlsSetValue 15290->15292 15294 7ff79968a894 15291->15294 15304 7ff799689a73 SetLastError 15291->15304 15293 7ff79968a8a7 15292->15293 15292->15304 15307 7ff79968dd40 15293->15307 15294->15292 15297 7ff79968a8d4 FlsSetValue 15300 7ff79968a8e0 FlsSetValue 15297->15300 15301 7ff79968a8f2 15297->15301 15298 7ff79968a8c4 FlsSetValue 15299 7ff79968a8cd 15298->15299 15302 7ff799689e18 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15299->15302 15300->15299 15314 7ff79968a3c4 15301->15314 15302->15304 15304->15278 15312 7ff79968dd51 _wfindfirst32i64 15307->15312 15308 7ff79968dda2 15322 7ff799684444 15308->15322 15309 7ff79968dd86 HeapAlloc 15310 7ff79968a8b6 15309->15310 15309->15312 15310->15297 15310->15298 15312->15308 15312->15309 15319 7ff7996926b0 15312->15319 15347 

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF799694E65
                                                                                                                                                                                        • Part of subcall function 00007FF7996947B8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7996947CC
                                                                                                                                                                                        • Part of subcall function 00007FF799689E18: RtlFreeHeap.NTDLL(?,?,?,00007FF799691E42,?,?,?,00007FF799691E7F,?,?,00000000,00007FF799692345,?,?,?,00007FF799692277), ref: 00007FF799689E2E
                                                                                                                                                                                        • Part of subcall function 00007FF799689E18: GetLastError.KERNEL32(?,?,?,00007FF799691E42,?,?,?,00007FF799691E7F,?,?,00000000,00007FF799692345,?,?,?,00007FF799692277), ref: 00007FF799689E38
                                                                                                                                                                                        • Part of subcall function 00007FF799689DD0: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF799689DAF,?,?,?,?,?,00007FF7996821EC), ref: 00007FF799689DD9
                                                                                                                                                                                        • Part of subcall function 00007FF799689DD0: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF799689DAF,?,?,?,?,?,00007FF7996821EC), ref: 00007FF799689DFE
                                                                                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF799694E54
                                                                                                                                                                                        • Part of subcall function 00007FF799694818: _invalid_parameter_noinfo.LIBCMT ref: 00007FF79969482C
                                                                                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF7996950CA
                                                                                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF7996950DB
                                                                                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF7996950EC
                                                                                                                                                                                      • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF79969532C), ref: 00007FF799695113
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2911881886.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.2911853503.00007FF799670000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911926351.00007FF79969A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911963212.00007FF7996AD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911963212.00007FF7996BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2912010188.00007FF7996BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                      • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                      • API String ID: 4070488512-239921721
                                                                                                                                                                                      • Opcode ID: 77ba2d10f7a40a17f98ee8fd01e8c058cff67636c36494bf754a44884999314e
                                                                                                                                                                                      • Instruction ID: d0c64f92b03ce063efc61caa5fbfd9126005503111557e4eeace3bce4477d8ee
                                                                                                                                                                                      • Opcode Fuzzy Hash: 77ba2d10f7a40a17f98ee8fd01e8c058cff67636c36494bf754a44884999314e
                                                                                                                                                                                      • Instruction Fuzzy Hash: 78D1AD26A1825286FB34BF36D4501B9A7B3FF89794FC44136EA2D47785EE3CE4418760

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2911881886.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.2911853503.00007FF799670000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911926351.00007FF79969A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911963212.00007FF7996AD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911963212.00007FF7996BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2912010188.00007FF7996BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1617910340-0
                                                                                                                                                                                      • Opcode ID: f9714f3a8e10acd42ca2d2c5b2c2c8a966f4ca54d5d677232d284773bb45134f
                                                                                                                                                                                      • Instruction ID: 76c5159c61e54c6556610012250eb58183f845362fea9be6cddc1d9cc7974633
                                                                                                                                                                                      • Opcode Fuzzy Hash: f9714f3a8e10acd42ca2d2c5b2c2c8a966f4ca54d5d677232d284773bb45134f
                                                                                                                                                                                      • Instruction Fuzzy Hash: D1C1A136B28A4186FB20EF79C4906BC7772FB49BA8B811225DE2E57795CF39D055C310

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetTempPathW.KERNEL32(?,00000000,?,00007FF79967674D), ref: 00007FF79967681A
                                                                                                                                                                                        • Part of subcall function 00007FF799676990: GetEnvironmentVariableW.KERNEL32(00007FF7996736E7), ref: 00007FF7996769CA
                                                                                                                                                                                        • Part of subcall function 00007FF799676990: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF7996769E7
                                                                                                                                                                                        • Part of subcall function 00007FF7996866B4: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7996866CD
                                                                                                                                                                                      • SetEnvironmentVariableW.KERNEL32(?,TokenIntegrityLevel), ref: 00007FF7996768D1
                                                                                                                                                                                        • Part of subcall function 00007FF799672770: MessageBoxW.USER32 ref: 00007FF799672841
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2911881886.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.2911853503.00007FF799670000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911926351.00007FF79969A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911963212.00007FF7996AD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911963212.00007FF7996BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2912010188.00007FF7996BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Environment$Variable$ExpandMessagePathStringsTemp_invalid_parameter_noinfo
                                                                                                                                                                                      • String ID: LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d
                                                                                                                                                                                      • API String ID: 3752271684-1116378104
                                                                                                                                                                                      • Opcode ID: f0ff48578907a1126a2fb3b3d0e0d3ed1b6e9341558fecceb6b7a90a7f9efa5b
                                                                                                                                                                                      • Instruction ID: 02a091232d3149b8b7e38a7a3a7628040d552616b5e591573fc4e96bb90ae0b1
                                                                                                                                                                                      • Opcode Fuzzy Hash: f0ff48578907a1126a2fb3b3d0e0d3ed1b6e9341558fecceb6b7a90a7f9efa5b
                                                                                                                                                                                      • Instruction Fuzzy Hash: 30516A11B1D74381FA74BF72A9552BAD6B39F49BC0FC44035ED2E87796ED2DE4018221

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF7996950CA
                                                                                                                                                                                        • Part of subcall function 00007FF799694818: _invalid_parameter_noinfo.LIBCMT ref: 00007FF79969482C
                                                                                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF7996950DB
                                                                                                                                                                                        • Part of subcall function 00007FF7996947B8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7996947CC
                                                                                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF7996950EC
                                                                                                                                                                                        • Part of subcall function 00007FF7996947E8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7996947FC
                                                                                                                                                                                        • Part of subcall function 00007FF799689E18: RtlFreeHeap.NTDLL(?,?,?,00007FF799691E42,?,?,?,00007FF799691E7F,?,?,00000000,00007FF799692345,?,?,?,00007FF799692277), ref: 00007FF799689E2E
                                                                                                                                                                                        • Part of subcall function 00007FF799689E18: GetLastError.KERNEL32(?,?,?,00007FF799691E42,?,?,?,00007FF799691E7F,?,?,00000000,00007FF799692345,?,?,?,00007FF799692277), ref: 00007FF799689E38
                                                                                                                                                                                      • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF79969532C), ref: 00007FF799695113
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2911881886.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.2911853503.00007FF799670000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911926351.00007FF79969A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911963212.00007FF7996AD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911963212.00007FF7996BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2912010188.00007FF7996BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                      • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                      • API String ID: 3458911817-239921721
                                                                                                                                                                                      • Opcode ID: 74e2aae664cff904285b8cceaf5bd78e264b53cf78d1017760ee0a7f729cca6e
                                                                                                                                                                                      • Instruction ID: bea1e538932d6a17f01d0824186748f24f125251d00e12d6502499636105928c
                                                                                                                                                                                      • Opcode Fuzzy Hash: 74e2aae664cff904285b8cceaf5bd78e264b53cf78d1017760ee0a7f729cca6e
                                                                                                                                                                                      • Instruction Fuzzy Hash: F7516B72A1864286F730FF31E9901A9E7B2BB88784FC44136EA6D47696DF3CE4018760
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CurrentFeaturePresentProcessProcessor
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1010374628-0
                                                                                                                                                                                      • Opcode ID: 0acdd9e309cfeb04828d1c66f74c4088768a5d3a74191b7ea8684e639bf01185
                                                                                                                                                                                      • Instruction ID: 8f4b32546689673eeaa1adeb5540602d7abf90a85eb63a8f5ff790b9b4a51710
                                                                                                                                                                                      • Opcode Fuzzy Hash: 0acdd9e309cfeb04828d1c66f74c4088768a5d3a74191b7ea8684e639bf01185
                                                                                                                                                                                      • Instruction Fuzzy Hash: 71029E22A0D642C1FA74BF3A9404279E6B2AF46BA0FD44635DE7D477D2EE3DA4118370

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _fread_nolock$Message_invalid_parameter_noinfo
                                                                                                                                                                                      • String ID: Cannot read Table of Contents.$Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$fread$fseek$malloc
                                                                                                                                                                                      • API String ID: 2153230061-4158440160
                                                                                                                                                                                      • Opcode ID: 89b0be782711f6ea6e2647f2b9cebeab1cc80561cce721b8eca3f4fc52a5b3ef
                                                                                                                                                                                      • Instruction ID: 1520e5281ff2c77a7063f22a4efbb2fe4d32ca804f443b4e6700fccbcb388c44
                                                                                                                                                                                      • Opcode Fuzzy Hash: 89b0be782711f6ea6e2647f2b9cebeab1cc80561cce721b8eca3f4fc52a5b3ef
                                                                                                                                                                                      • Instruction Fuzzy Hash: 89514C72A1970286FB64EF38D454178B3B2EB48B48B918136DA2D87799DF3CE541C760

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                      • API String ID: 0-666925554
                                                                                                                                                                                      • Opcode ID: a0da00e948d8bf5ab75f65998a8982b5789af3fcbcffcd26f02d9795f42b9c94
                                                                                                                                                                                      • Instruction ID: 431e0b96d680a771f388b5a51257a13207570ef71a798b34e7d1a9979dfd1b16
                                                                                                                                                                                      • Opcode Fuzzy Hash: a0da00e948d8bf5ab75f65998a8982b5789af3fcbcffcd26f02d9795f42b9c94
                                                                                                                                                                                      • Instruction Fuzzy Hash: AA518865A0974281FA30BF35E5046B9A3B2AF45BD4FC54132DE2D4779AEE3CE6858320

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Token$ConvertDescriptorInformationProcessSecurityString$CloseCreateCurrentDirectoryErrorFreeHandleLastLocalOpen
                                                                                                                                                                                      • String ID: D:(A;;FA;;;%s)$S-1-3-4
                                                                                                                                                                                      • API String ID: 4998090-2855260032
                                                                                                                                                                                      • Opcode ID: 2e28230f75d657313d5b30c4cdf08458408b558478e57b477a7299d9920cfa6e
                                                                                                                                                                                      • Instruction ID: bd43be5a739e1a3535ed1efa13e83dda88ec5f39b319a310027c49806a7e4c46
                                                                                                                                                                                      • Opcode Fuzzy Hash: 2e28230f75d657313d5b30c4cdf08458408b558478e57b477a7299d9920cfa6e
                                                                                                                                                                                      • Instruction Fuzzy Hash: 32412D3261C78282FA60AF71E4446BAB3B6FB84794F841231EA6E476D5DF3CD544CB60

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
                                                                                                                                                                                      • String ID: CreateProcessW$Error creating child process!
                                                                                                                                                                                      • API String ID: 2895956056-3524285272
                                                                                                                                                                                      • Opcode ID: 818e29d337d92c80142cd965dc47d4137e35c853672c1fb6e5a7bce6e7f526a1
                                                                                                                                                                                      • Instruction ID: 79b6dad35cb22db326f8145af2da43cd9f45299fe4a82114171f3c423a65f971
                                                                                                                                                                                      • Opcode Fuzzy Hash: 818e29d337d92c80142cd965dc47d4137e35c853672c1fb6e5a7bce6e7f526a1
                                                                                                                                                                                      • Instruction Fuzzy Hash: 7B410D32A0878286EA20AF71E4552AAE3B5EB95364F900335E6BD47BD5DF7CD044CB50

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 00007FF799673BA0: GetModuleFileNameW.KERNEL32(?,00007FF799673699), ref: 00007FF799673BD1
                                                                                                                                                                                      • SetDllDirectoryW.KERNEL32 ref: 00007FF7996738A5
                                                                                                                                                                                        • Part of subcall function 00007FF799676990: GetEnvironmentVariableW.KERNEL32(00007FF7996736E7), ref: 00007FF7996769CA
                                                                                                                                                                                        • Part of subcall function 00007FF799676990: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF7996769E7
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2911881886.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
• Associated: 00000000.00000002.2911853503.00007FF799670000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2911926351.00007FF79969A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2911963212.00007FF7996AD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2911963212.00007FF7996BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2912010188.00007FF7996BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Environment$DirectoryExpandFileModuleNameStringsVariable
                                                                                                                                                                                      • String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$MEI$_MEIPASS2$_PYI_ONEDIR_MODE
                                                                                                                                                                                      • API String ID: 2344891160-3602715111
                                                                                                                                                                                      • Opcode ID: 44b475a59b26ac604398257d32b032ffcccbc2e891c2c812d1ce445b27ff6486
                                                                                                                                                                                      • Instruction ID: 17648c3f57edaf7d73939be241e71ec42d2b6b071b4714ccadf525874e1cfd54
                                                                                                                                                                                      • Opcode Fuzzy Hash: 44b475a59b26ac604398257d32b032ffcccbc2e891c2c812d1ce445b27ff6486
                                                                                                                                                                                      • Instruction Fuzzy Hash: A4B18F21A1C78355FA70BF31A9516FDA2B2BF44784FC0013AEA6D47796EE2CE6048730

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2911881886.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
• Associated: 00000000.00000002.2911853503.00007FF799670000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2911926351.00007FF79969A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2911963212.00007FF7996AD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2911963212.00007FF7996BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2912010188.00007FF7996BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Message
                                                                                                                                                                                      • String ID: 1.2.13$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                      • API String ID: 2030045667-1655038675
                                                                                                                                                                                      • Opcode ID: 833a19a7183c3a67044c39a1e7c8a53260805929faaaf04ce1acbdda8b337b7b
                                                                                                                                                                                      • Instruction ID: f57c4f518c918a6e20799b0583e1d9bb7b7502fd1792ec44fdb04e568c8c42f8
                                                                                                                                                                                      • Opcode Fuzzy Hash: 833a19a7183c3a67044c39a1e7c8a53260805929faaaf04ce1acbdda8b337b7b
                                                                                                                                                                                      • Instruction Fuzzy Hash: A551B332A0978285FA30BF71E4403BAA2B2FB84798F954136DE6D47795EE3CE585C710

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2911881886.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
• Associated: 00000000.00000002.2911853503.00007FF799670000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2911926351.00007FF79969A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2911963212.00007FF7996AD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2911963212.00007FF7996BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2912010188.00007FF7996BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                      • Opcode ID: 184652ea66a00c646f0d6e367f8fa0d47b8fb75159f9cd0cc9461bb9675fa9ff
                                                                                                                                                                                      • Instruction ID: 86794c04b9ad55259dcab2fc59ee1da035b8b22dfdb04dc0f5ab28f01c238609
                                                                                                                                                                                      • Opcode Fuzzy Hash: 184652ea66a00c646f0d6e367f8fa0d47b8fb75159f9cd0cc9461bb9675fa9ff
                                                                                                                                                                                      • Instruction Fuzzy Hash: C1C1B232A1C686C2F671AF36A4502BDFBB2EBC5B80F990131DA6D07791DE7DE4458320

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF79968C41B), ref: 00007FF79968C54C
                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF79968C41B), ref: 00007FF79968C5D7
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2911881886.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
• Associated: 00000000.00000002.2911853503.00007FF799670000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2911926351.00007FF79969A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2911963212.00007FF7996AD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2911963212.00007FF7996BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2912010188.00007FF7996BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ConsoleErrorLastMode
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 953036326-0
                                                                                                                                                                                      • Opcode ID: f410d9e07cb2d854853af875ff306a0e9c9ee922f70c4cde11a48ef332fbc2ec
                                                                                                                                                                                      • Instruction ID: 30e1ae8f8c507c5048c9ea03a093e4303d58a9be075483731615929946d2bb71
                                                                                                                                                                                      • Opcode Fuzzy Hash: f410d9e07cb2d854853af875ff306a0e9c9ee922f70c4cde11a48ef332fbc2ec
                                                                                                                                                                                      • Instruction Fuzzy Hash: DA91F362E08652C5F770AF3694402BDEBB2BB54B88F941139DE1E63A84DF3DD481C720

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2911881886.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.2911853503.00007FF799670000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911926351.00007FF79969A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911963212.00007FF7996AD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911963212.00007FF7996BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2912010188.00007FF7996BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _get_daylight$_isindst
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 4170891091-0
                                                                                                                                                                                      • Opcode ID: d5d13d1c94d14ccfec0c44e7243bbda22246c77cf8c41a11f0b86d98f8b3a05c
                                                                                                                                                                                      • Instruction ID: e92c1dbe71704b4ad52ac3e1861d64b67b3d45503ff5c413f7315d4876d9ea63
                                                                                                                                                                                      • Opcode Fuzzy Hash: d5d13d1c94d14ccfec0c44e7243bbda22246c77cf8c41a11f0b86d98f8b3a05c
                                                                                                                                                                                      • Instruction Fuzzy Hash: D0513672F046119AFB34FF3599412BCE7B2BB20758F944236ED2E52AE5DB3CA4028710

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2911881886.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.2911853503.00007FF799670000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911926351.00007FF79969A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911963212.00007FF7996AD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911963212.00007FF7996BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2912010188.00007FF7996BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2780335769-0
                                                                                                                                                                                      • Opcode ID: 1c70a69b05d9cb3f6248f84cd75ebf1bef0caf7e7cf88daad42b4853df974b62
                                                                                                                                                                                      • Instruction ID: 2f4463b02272823199f381ae2541845f89a0b6f59e2d5a136eda8eefcafe236e
                                                                                                                                                                                      • Opcode Fuzzy Hash: 1c70a69b05d9cb3f6248f84cd75ebf1bef0caf7e7cf88daad42b4853df974b62
                                                                                                                                                                                      • Instruction Fuzzy Hash: 21517D63E086418AFB20EF72D4503BDB3B2AB48B98F954535DE2D57689DF38D4518320

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2911881886.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.2911853503.00007FF799670000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911926351.00007FF79969A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911963212.00007FF7996AD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911963212.00007FF7996BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2912010188.00007FF7996BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1452418845-0
                                                                                                                                                                                      • Opcode ID: 90a7fcc3a81af5bf04ad81541e301d7d9fb9f11ea0fdd18d74326f9016f6428e
                                                                                                                                                                                      • Instruction ID: ef98173b451e7d1330a28b0dce26b1527f427888adae5cffd3e70a97cbe7e631
                                                                                                                                                                                      • Opcode Fuzzy Hash: 90a7fcc3a81af5bf04ad81541e301d7d9fb9f11ea0fdd18d74326f9016f6428e
                                                                                                                                                                                      • Instruction Fuzzy Hash: 4C31F321E0D20285FA74BF75A4153B9A2B3AF91784FC94035EA3E4B3D7DE2CE8459271
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2911881886.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.2911853503.00007FF799670000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911926351.00007FF79969A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911963212.00007FF7996AD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911963212.00007FF7996BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2912010188.00007FF7996BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1279662727-0
                                                                                                                                                                                      • Opcode ID: aa6a3d9890cc6a7f195a6e990ba186583f2f0d5ddde8471eaaef5ef51b0941e7
                                                                                                                                                                                      • Instruction ID: f762ca71b1e01dd6d4904cb3212db958e1fba7dc521749b55fee4a5eaa0534a8
                                                                                                                                                                                      • Opcode Fuzzy Hash: aa6a3d9890cc6a7f195a6e990ba186583f2f0d5ddde8471eaaef5ef51b0941e7
                                                                                                                                                                                      • Instruction Fuzzy Hash: 4D418323D1878183F764AF329510379E2B2FB997A4F509334E6AC03AD5DF6CA5E08710
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2911881886.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.2911853503.00007FF799670000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911926351.00007FF79969A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911963212.00007FF7996AD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911963212.00007FF7996BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2912010188.00007FF7996BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                      • Opcode ID: e6b31fcbb010569d964db91d6e465c54053a5eb593f9b70391a20bf1ad845ba7
                                                                                                                                                                                      • Instruction ID: 359c939177313f5bf838d56d762ae192c8cfef23f85c4250f8bf1fe814172ced
                                                                                                                                                                                      • Opcode Fuzzy Hash: e6b31fcbb010569d964db91d6e465c54053a5eb593f9b70391a20bf1ad845ba7
                                                                                                                                                                                      • Instruction Fuzzy Hash: 0C51A961B0974286FA74AE3A9400A7AE2B2BF44BB4F944735DE7D477CACF3CD4018620
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SetFilePointerEx.KERNELBASE(?,?,?,?,00000000,00007FF79968B79D), ref: 00007FF79968B650
                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,00000000,00007FF79968B79D), ref: 00007FF79968B65A
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2911881886.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.2911853503.00007FF799670000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911926351.00007FF79969A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911963212.00007FF7996AD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911963212.00007FF7996BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2912010188.00007FF7996BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorFileLastPointer
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2976181284-0
                                                                                                                                                                                      • Opcode ID: ff2257711b1d275b862e663729d543ef4812b290fbf882e2e1232765a84f7875
                                                                                                                                                                                      • Instruction ID: 9cf9790c8b63c433ebf01f5e397d80e41410f2b3d4c9795c83f2626af0fab164
                                                                                                                                                                                      • Opcode Fuzzy Hash: ff2257711b1d275b862e663729d543ef4812b290fbf882e2e1232765a84f7875
                                                                                                                                                                                      • Instruction Fuzzy Hash: D81182A2618B4181EA20AF36A504169E772AB85BF4FD84331EA7D477D9DF7CD0558700
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF799684891), ref: 00007FF7996849AF
                                                                                                                                                                                      • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF799684891), ref: 00007FF7996849C5
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2911881886.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.2911853503.00007FF799670000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911926351.00007FF79969A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911963212.00007FF7996AD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911963212.00007FF7996BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2912010188.00007FF7996BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1707611234-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • RtlFreeHeap.NTDLL(?,?,?,00007FF799691E42,?,?,?,00007FF799691E7F,?,?,00000000,00007FF799692345,?,?,?,00007FF799692277), ref: 00007FF799689E2E
                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,00007FF799691E42,?,?,?,00007FF799691E7F,?,?,00000000,00007FF799692345,?,?,?,00007FF799692277), ref: 00007FF799689E38
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorFreeHeapLast
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 485612231-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CloseHandle.KERNELBASE(?,?,?,00007FF799689EA5,?,?,00000000,00007FF799689F5A), ref: 00007FF79968A096
                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,00007FF799689EA5,?,?,00000000,00007FF799689F5A), ref: 00007FF79968A0A0
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CloseErrorHandleLast
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 918212764-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _fread_nolock
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 840049012-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                      • Opcode ID: be1079961907d1906d587a3e65c1e024338dd0a3e917ec7f85ba85c18500dcb2
                                                                                                                                                                                      • Instruction ID: 19b1c3514b8161615b6b0f7be0a662435f2f2cc3a15f0a27e21e0f4a7c588c71
                                                                                                                                                                                      • Opcode Fuzzy Hash: be1079961907d1906d587a3e65c1e024338dd0a3e917ec7f85ba85c18500dcb2
                                                                                                                                                                                      • Instruction Fuzzy Hash: B1114D22A1D681C1FB70BF6394006B9E2B2EF85B80FC44471EAAC57A96DF7CD4408765
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2911881886.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.2911853503.00007FF799670000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911926351.00007FF79969A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911963212.00007FF7996AD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911963212.00007FF7996BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2912010188.00007FF7996BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                      • Opcode ID: bc68aba4551d34184bb05bda2552568f64e358e9307c55527e30db01171bb599
                                                                                                                                                                                      • Instruction ID: afb4cb9c84c4b16672b249610fa4c043537a43d8cb9933a40348c3cdc68e5ab2
                                                                                                                                                                                      • Opcode Fuzzy Hash: bc68aba4551d34184bb05bda2552568f64e358e9307c55527e30db01171bb599
                                                                                                                                                                                      • Instruction Fuzzy Hash: 68219232A18A4187EB71AF29E440379B6B2EB84B94F944235EB6D476D9DF3DD5008B10
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2911881886.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.2911853503.00007FF799670000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911926351.00007FF79969A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911963212.00007FF7996AD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911963212.00007FF7996BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2912010188.00007FF7996BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                      • Opcode ID: f8ccbbb08b6b64fca274b3102351a157ba9f641dbe881e0fbefe782dfe020abd
                                                                                                                                                                                      • Instruction ID: 1e1809824cadbbab094565f335c9ee9a554a4d9770c799cf128da6c9ccde3737
                                                                                                                                                                                      • Opcode Fuzzy Hash: f8ccbbb08b6b64fca274b3102351a157ba9f641dbe881e0fbefe782dfe020abd
                                                                                                                                                                                      • Instruction Fuzzy Hash: 07015221A0874241F924EF769A01469E6B6AB45FE4F884631DE7C57BDADE3CD4014720
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2911881886.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.2911853503.00007FF799670000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911926351.00007FF79969A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911963212.00007FF7996AD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911963212.00007FF7996BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2912010188.00007FF7996BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                      • Opcode ID: 6f6adecfb5bad98c5c42fe003c81079e6b3f0dd6313af18c674d8974214f62bd
                                                                                                                                                                                      • Instruction ID: 039a689eeea1a894860637e88426df5775e5a15eedb46335904d46d61cabacb0
                                                                                                                                                                                      • Opcode Fuzzy Hash: 6f6adecfb5bad98c5c42fe003c81079e6b3f0dd6313af18c674d8974214f62bd
                                                                                                                                                                                      • Instruction Fuzzy Hash: FB018C20E0DA46C2FE707F3B6641279DAB2AF057A0FD46235EA7D426C6DF7DA4418231
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2911881886.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.2911853503.00007FF799670000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911926351.00007FF79969A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911963212.00007FF7996AD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911963212.00007FF7996BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2912010188.00007FF7996BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                      • Opcode ID: 941a86941730833d6478beb8ac9be3d47737e734966101895db6565f81f02151
                                                                                                                                                                                      • Instruction ID: 1eef4c2d5d0703cac96219034cad2d426e411382e25917b11ac7a81206c194cb
                                                                                                                                                                                      • Opcode Fuzzy Hash: 941a86941730833d6478beb8ac9be3d47737e734966101895db6565f81f02151
                                                                                                                                                                                      • Instruction Fuzzy Hash: FAE01291E09387C7FE747FB34A821B8D5329F28340FD05035DA29072C3DD2CA8849A36
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • HeapAlloc.KERNEL32(?,?,00000000,00007FF79968A8B6,?,?,?,00007FF799689A73,?,?,00000000,00007FF799689D0E), ref: 00007FF79968DD95
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2911881886.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.2911853503.00007FF799670000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911926351.00007FF79969A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911963212.00007FF7996AD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911963212.00007FF7996BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2912010188.00007FF7996BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AllocHeap
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 4292702814-0
                                                                                                                                                                                      • Opcode ID: 2e0f3e4b2c9ccc38d96cb592f5054ed38be707e8bf6a1ab6843b3be497aa41a7
                                                                                                                                                                                      • Instruction ID: e976644be2ce1d09281c2d8874e8c7cd721e3fe9a32ddcce93ff72a11234caff
                                                                                                                                                                                      • Opcode Fuzzy Hash: 2e0f3e4b2c9ccc38d96cb592f5054ed38be707e8bf6a1ab6843b3be497aa41a7
                                                                                                                                                                                      • Instruction Fuzzy Hash: 0DF0FF54B59602C3FEB97E7355613B5D6B65F89B80F885570C92D962D2DD1CF4408330
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • HeapAlloc.KERNEL32(?,?,?,00007FF79967FE44,?,?,?,00007FF799681356,?,?,?,?,?,00007FF799682949), ref: 00007FF79968CB0A
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2911881886.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.2911853503.00007FF799670000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911926351.00007FF79969A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911963212.00007FF7996AD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911963212.00007FF7996BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2912010188.00007FF7996BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AllocHeap
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 4292702814-0
                                                                                                                                                                                      • Opcode ID: c69b2b415516246c39874758743c65376e97b2ba2b88f646b423658d781f7dfd
                                                                                                                                                                                      • Instruction ID: 08d29385460776f724063a97913c8b6d9de385e3289545aa7d7ddcc484018619
                                                                                                                                                                                      • Opcode Fuzzy Hash: c69b2b415516246c39874758743c65376e97b2ba2b88f646b423658d781f7dfd
                                                                                                                                                                                      • Instruction Fuzzy Hash: 7BF05810B1D642C5FF347EB35910275D1B64F487E0F884631D93E962C2EE2DA8808230
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2911881886.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.2911853503.00007FF799670000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911926351.00007FF79969A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911963212.00007FF7996AD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911963212.00007FF7996BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2912010188.00007FF7996BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AddressProc
                                                                                                                                                                                      • String ID: Failed to get address for PyDict_GetItemString$Failed to get address for PyErr_Clear$Failed to get address for PyErr_Fetch$Failed to get address for PyErr_NormalizeException$Failed to get address for PyErr_Occurred$Failed to get address for PyErr_Print$Failed to get address for PyErr_Restore$Failed to get address for PyEval_EvalCode$Failed to get address for PyImport_AddModule$Failed to get address for PyImport_ExecCodeModule$Failed to get address for PyImport_ImportModule$Failed to get address for PyList_Append$Failed to get address for PyList_New$Failed to get address for PyLong_AsLong$Failed to get address for PyMarshal_ReadObjectFromString$Failed to get address for PyMem_RawFree$Failed to get address for PyModule_GetDict$Failed to get address for PyObject_CallFunction$Failed to get address for PyObject_CallFunctionObjArgs$Failed to get address for PyObject_GetAttrString$Failed to get address for PyObject_SetAttrString$Failed to get address for PyObject_Str$Failed to get address for PyRun_SimpleStringFlags$Failed to get address for PySys_AddWarnOption$Failed to get address for PySys_GetObject$Failed to get address for PySys_SetArgvEx$Failed to get address for PySys_SetObject$Failed to get address for PySys_SetPath$Failed to get address for PyUnicode_AsUTF8$Failed to get address for PyUnicode_Decode$Failed to get address for PyUnicode_DecodeFSDefault$Failed to get address for PyUnicode_FromFormat$Failed to get address for PyUnicode_FromString$Failed to get address for PyUnicode_Join$Failed to get address for PyUnicode_Replace$Failed to get address for Py_BuildValue$Failed to get address for Py_DecRef$Failed to get address for Py_DecodeLocale$Failed to get address for Py_DontWriteBytecodeFlag$Failed to get address for Py_FileSystemDefaultEncoding$Failed to get address for 
Py_Finalize$Failed to get address for Py_FrozenFlag$Failed to get address for Py_GetPath$Failed to get address for Py_IgnoreEnvironmentFlag$Failed to get address for Py_IncRef$Failed to get address for Py_Initialize$Failed to get address for Py_NoSiteFlag$Failed to get address for Py_NoUserSiteDirectory$Failed to get address for Py_OptimizeFlag$Failed to get address for Py_SetPath$Failed to get address for Py_SetProgramName$Failed to get address for Py_SetPythonHome$Failed to get address for Py_UTF8Mode$Failed to get address for Py_UnbufferedStdioFlag$Failed to get address for Py_VerboseFlag$GetProcAddress$PyDict_GetItemString$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyList_New$PyLong_AsLong$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyRun_SimpleStringFlags$PySys_AddWarnOption$PySys_GetObject$PySys_SetArgvEx$PySys_SetObject$PySys_SetPath$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_BuildValue$Py_DecRef$Py_DecodeLocale$Py_DontWriteBytecodeFlag$Py_FileSystemDefaultEncoding$Py_Finalize$Py_FrozenFlag$Py_GetPath$Py_IgnoreEnvironmentFlag$Py_IncRef$Py_Initialize$Py_NoSiteFlag$Py_NoUserSiteDirectory$Py_OptimizeFlag$Py_SetPath$Py_SetProgramName$Py_SetPythonHome$Py_UTF8Mode$Py_UnbufferedStdioFlag$Py_VerboseFlag
                                                                                                                                                                                      • API String ID: 190572456-3109299426
                                                                                                                                                                                      • Opcode ID: 67747be8a076f706c1c9372e7d2496993eaa02b7082083ef588a9e8b618be952
                                                                                                                                                                                      • Instruction ID: af28a62bc28cbfff440a094cc9098a9a928246895e0df10b99074c1d16a3e3b6
                                                                                                                                                                                      • Opcode Fuzzy Hash: 67747be8a076f706c1c9372e7d2496993eaa02b7082083ef588a9e8b618be952
                                                                                                                                                                                      • Instruction Fuzzy Hash: 40426F64A0EB0791FA75FF34B854174A2B3AF88794BC85176C92E06364EF7CF6589220
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2911881886.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSend$Window$Create$Move$ObjectSelect$#380BaseClientDialogDrawFontIndirectInfoParametersRectReleaseSystemTextUnits
                                                                                                                                                                                      • String ID: BUTTON$Close$EDIT$Failed to execute script '%ls' due to unhandled exception: %ls$STATIC
                                                                                                                                                                                      • API String ID: 2446303242-1601438679
                                                                                                                                                                                      • Opcode ID: 47b3578659853d453a5822a751c8e2f63cfdf798862dd1eeebf7592aa26dc86d
                                                                                                                                                                                      • Instruction ID: 8efebc3e1171f3e2d67e87de0389b4b7f97b33dabfed5e3396ae1e20e574dc68
                                                                                                                                                                                      • Opcode Fuzzy Hash: 47b3578659853d453a5822a751c8e2f63cfdf798862dd1eeebf7592aa26dc86d
                                                                                                                                                                                      • Instruction Fuzzy Hash: 49A17A36208B8187E724DF21E55479AB3B1F788B94F90412AEB9D43B24CF3DE1A5CB50
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2911881886.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                                                                                                                      • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                      • API String ID: 808467561-2761157908
                                                                                                                                                                                      • Opcode ID: 46fb5d0366b8e1e712cdd684d815614daf2c7cda5b16cac76ba58e706ef79b66
                                                                                                                                                                                      • Instruction ID: 288b9120d41b075ca7edd8ee452978517ef0394587cd644b6e8e6bf7e867fef9
                                                                                                                                                                                      • Opcode Fuzzy Hash: 46fb5d0366b8e1e712cdd684d815614daf2c7cda5b16cac76ba58e706ef79b66
                                                                                                                                                                                      • Instruction Fuzzy Hash: 7FB2D272A182928BF7349F74D540BFDB7B2FB54788F805179DA2D57A84DB38E9008B60
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetLastError.KERNEL32(00000000,00007FF7996726A0), ref: 00007FF7996774D7
                                                                                                                                                                                      • FormatMessageW.KERNEL32(00000000,00007FF7996726A0), ref: 00007FF799677506
                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32 ref: 00007FF79967755C
                                                                                                                                                                                        • Part of subcall function 00007FF799672620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF799677744,?,?,?,?,?,?,?,?,?,?,?,00007FF79967101D), ref: 00007FF799672654
                                                                                                                                                                                        • Part of subcall function 00007FF799672620: MessageBoxW.USER32 ref: 00007FF79967272C
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2911881886.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorLastMessage$ByteCharFormatMultiWide
                                                                                                                                                                                      • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
                                                                                                                                                                                      • API String ID: 2920928814-2573406579
                                                                                                                                                                                      • Opcode ID: 8b0166d5a5045c769a8e77ad43af0852bc728ff9b5502801be361ecb61f6b2fa
                                                                                                                                                                                      • Instruction ID: fb7703c45835701ef563cd127fffc2657897b76f74b9e454fbf81cb824c42b0b
                                                                                                                                                                                      • Opcode Fuzzy Hash: 8b0166d5a5045c769a8e77ad43af0852bc728ff9b5502801be361ecb61f6b2fa
                                                                                                                                                                                      • Instruction Fuzzy Hash: FB211071A18B4282F770AF35E854266A3B7FB88384FC40135D56D82795EF7CE545C760
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2911881886.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3140674995-0
                                                                                                                                                                                      • Opcode ID: 24fff5600ca101af0e2334446d678d156eb325a0e0e0c0538aba544f51e330ab
                                                                                                                                                                                      • Instruction ID: a9708fb7a3e633e3eb38e7d45f224c5d3cb3a5af0e966f563d7cd089b86e752e
                                                                                                                                                                                      • Opcode Fuzzy Hash: 24fff5600ca101af0e2334446d678d156eb325a0e0e0c0538aba544f51e330ab
                                                                                                                                                                                      • Instruction Fuzzy Hash: 4031FB76609B8186EB70AF74E8803E9A3B5FB84748F84443ADA5D47B98DF39D548C720
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2911881886.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1239891234-0
                                                                                                                                                                                      • Opcode ID: 4204087c2144b4154cc610f07160e172692864cccd6c23e577d201b1c5d7dbdf
                                                                                                                                                                                      • Instruction ID: e02bac7b03dbe61250b26fd3c13de4a0cf2c8a16a0d12732deda991ae49560da
                                                                                                                                                                                      • Opcode Fuzzy Hash: 4204087c2144b4154cc610f07160e172692864cccd6c23e577d201b1c5d7dbdf
                                                                                                                                                                                      • Instruction Fuzzy Hash: AE315D36618B8186EB709F35E8402AEB3B5FB89758F940136EAAD43B95DF38D145CB10
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2911881886.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2227656907-0
APIs
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: memcpy_s
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1502251526-0
APIs
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ExceptionRaise_clrfp
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 15204871-0
APIs
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Find$CloseFileFirst
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2295610775-0
Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: $
                                                                                                                                                                                      • API String ID: 0-227171996
Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: e+000$gfff
                                                                                                                                                                                      • API String ID: 0-3030954782
Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: gfffffff
                                                                                                                                                                                      • API String ID: 0-1523873471
Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                      • String ID: TMP
                                                                                                                                                                                      • API String ID: 3215553584-3125297090
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: HeapProcess
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 54951025-0
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                      • Opcode ID: 43964b9baea6600a933ee8e1a049a499104490ec7162e6d0a4f8078b6de4c171
                                                                                                                                                                                      • Instruction ID: e501fcc070212416ed7724a3a474ad74db2d9395964613436981e86f7a7c2c15
                                                                                                                                                                                      • Opcode Fuzzy Hash: 43964b9baea6600a933ee8e1a049a499104490ec7162e6d0a4f8078b6de4c171
                                                                                                                                                                                      • Instruction Fuzzy Hash: 0761D322E1829246FB74AE398450379E6B3BF40370F94427ADE3E466D5EE7DE8048724
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2911881886.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.2911853503.00007FF799670000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.2911926351.00007FF79969A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.2911963212.00007FF7996AD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.2911963212.00007FF7996BC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000000.00000002.2912010188.00007FF7996BE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
Memory Dump Source
• Source File: 00000000.00000002.2911881886.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
• Associated: 00000000.00000002.2911853503.00007FF799670000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2911926351.00007FF79969A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2911963212.00007FF7996AD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2911963212.00007FF7996BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2912010188.00007FF7996BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorFreeHeapLast
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 485612231-0
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2911881886.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.2911853503.00007FF799670000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911926351.00007FF79969A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911963212.00007FF7996AD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911963212.00007FF7996BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2912010188.00007FF7996BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: ee4673de95ce1c3203f19ce9ce644468e75f80e7845f38315ddde02822e300f2
                                                                                                                                                                                      • Instruction ID: bf800fc66c3221958ea018c5c47e08cc8be30f54f9e632594479463cd873a5dc
                                                                                                                                                                                      • Opcode Fuzzy Hash: ee4673de95ce1c3203f19ce9ce644468e75f80e7845f38315ddde02822e300f2
                                                                                                                                                                                      • Instruction Fuzzy Hash: 0B31B332718B8282F634AF366550129EAA6AF85BA0F944238EA6D53B95DF3CD0128615
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: b98f8205f4dd5ad0f3b4c63852b6076f32f3a1b530b1ff8e23dc59df104b107b
                                                                                                                                                                                      • Instruction ID: e23c47f5a682016f68a7eea4b8e62faa0bf6194194f658648eb26772c3cc7dcc
                                                                                                                                                                                      • Opcode Fuzzy Hash: b98f8205f4dd5ad0f3b4c63852b6076f32f3a1b530b1ff8e23dc59df104b107b
                                                                                                                                                                                      • Instruction Fuzzy Hash: B8F068B17182658BFBA89F79A81262977E1F7083C0F849039D59D87B04D63C90518F14
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 03ec394501486fefa8e68c4fc5f22486c81951ca79d36a27091b1f9b4683aa64
                                                                                                                                                                                      • Instruction ID: 23a32dbfbc8e99c82b99839b2860aad61f9dcb6a52f159d3e5e6d43802c1544d
                                                                                                                                                                                      • Opcode Fuzzy Hash: 03ec394501486fefa8e68c4fc5f22486c81951ca79d36a27091b1f9b4683aa64
                                                                                                                                                                                      • Instruction Fuzzy Hash: EEA0023590CD06D0FA64BF30E850030A3B2FB90304BC40073D43D411A09F3CE440D320
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                      • String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$LOADER: Failed to load tcl/tk libraries$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                      • API String ID: 2238633743-1453502826
                                                                                                                                                                                      • Opcode ID: ba523ba2b13c4ea14ee618d69630f35f7ff64aa3d65f3ca8e14aa07d75cb9247
                                                                                                                                                                                      • Instruction ID: 546daf0d824da9f2b12c76f8f05e1ef928d541f19300c744d51915337564c0f2
                                                                                                                                                                                      • Opcode Fuzzy Hash: ba523ba2b13c4ea14ee618d69630f35f7ff64aa3d65f3ca8e14aa07d75cb9247
                                                                                                                                                                                      • Instruction Fuzzy Hash: F0E1CF64A0DB0391FE75EF39A9501B4A3FBAF04794BC465B5C82E06768EF7CF5488221
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                      • String ID: P%
                                                                                                                                                                                      • API String ID: 2147705588-2959514604
                                                                                                                                                                                      • Opcode ID: 2abf96d7e756ec95747b6225775113f5ca3bbb9c1d9d148edce5ba3104c9dbe9
                                                                                                                                                                                      • Instruction ID: c1987bf39f7f84d644c155ce87cb73f5a88b4865fa1a55fa3f7f935fd86d001b
                                                                                                                                                                                      • Opcode Fuzzy Hash: 2abf96d7e756ec95747b6225775113f5ca3bbb9c1d9d148edce5ba3104c9dbe9
                                                                                                                                                                                      • Instruction Fuzzy Hash: 9451E6266147A186E634AF36A4181BAF7B2F798BA5F004121EBDE43784DF3CD045DB20
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                      • String ID: f$f$p$p$f
                                                                                                                                                                                      • API String ID: 3215553584-1325933183
                                                                                                                                                                                      • Opcode ID: 864902cbb2e935f55fbb0b0f358a3d1305b233c90ffe52d12db1516ed6b7c985
                                                                                                                                                                                      • Instruction ID: 81cff7df6d6c556f5b8e30e0c4cfa7491e3a93097ea40b906064c210628f2328
                                                                                                                                                                                      • Opcode Fuzzy Hash: 864902cbb2e935f55fbb0b0f358a3d1305b233c90ffe52d12db1516ed6b7c985
                                                                                                                                                                                      • Instruction Fuzzy Hash: 921281A2E0D143C6FB707E26E1542FAE2B3FB80750FD44835D6A9466C4DB7CE4818B61
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Message
                                                                                                                                                                                      • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                      • API String ID: 2030045667-3659356012
                                                                                                                                                                                      • Opcode ID: 70f2d7e612742e451021b5ff7637aededee4a2924d019024c3dfd69a0212e249
                                                                                                                                                                                      • Instruction ID: 62d1080928c1f2fd2ba1252469e17ace3cf6550700a41940ae2740a5f9e9959a
                                                                                                                                                                                      • Opcode Fuzzy Hash: 70f2d7e612742e451021b5ff7637aededee4a2924d019024c3dfd69a0212e249
                                                                                                                                                                                      • Instruction Fuzzy Hash: B0416A22A0974281FA34FF25E4056BAE3B2EB44794FD54432DE6D47B55EE3CE5828720
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2911881886.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.2911853503.00007FF799670000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911926351.00007FF79969A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911963212.00007FF7996AD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911963212.00007FF7996BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2912010188.00007FF7996BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                      • String ID: csm$csm$csm
                                                                                                                                                                                      • API String ID: 849930591-393685449
                                                                                                                                                                                      • Opcode ID: 64a04dea20eab758f09741b49381e36ae6aa3d4dbdf263ead872da10faeebcc4
                                                                                                                                                                                      • Instruction ID: a90bb8456953b4de09257b5f234b98d66b6a506c40b77641ebbfe4cacb03056d
                                                                                                                                                                                      • Opcode Fuzzy Hash: 64a04dea20eab758f09741b49381e36ae6aa3d4dbdf263ead872da10faeebcc4
                                                                                                                                                                                      • Instruction Fuzzy Hash: DCE16A72A08B418AFB30AF3594502ADB7B2FB55798F900535EEAD57B95CF38E094C710
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,00000000,?,00007FF79968E152,?,?,000002CBEB838558,00007FF79968A223,?,?,?,00007FF79968A11A,?,?,?,00007FF799685472), ref: 00007FF79968DF34
                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,00000000,?,00007FF79968E152,?,?,000002CBEB838558,00007FF79968A223,?,?,?,00007FF79968A11A,?,?,?,00007FF799685472), ref: 00007FF79968DF40
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AddressFreeLibraryProc
                                                                                                                                                                                      • String ID: api-ms-$ext-ms-
                                                                                                                                                                                      • API String ID: 3013587201-537541572
                                                                                                                                                                                      • Opcode ID: 01869d8b0b1ae08ce046380e8c955ca032c286979885a37836ee5a28d8bde6d1
                                                                                                                                                                                      • Instruction ID: f260d4db76f6b8784395444d1fd7ea88a066038ecdba909e45030ec7c15cfee3
                                                                                                                                                                                      • Opcode Fuzzy Hash: 01869d8b0b1ae08ce046380e8c955ca032c286979885a37836ee5a28d8bde6d1
                                                                                                                                                                                      • Instruction Fuzzy Hash: D441CF21B1AA1283FA36AF279824575E2A3BF15BA0FC94135DD2D47B84DE3CF445C234
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF79967101D), ref: 00007FF79967769F
                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF79967101D), ref: 00007FF7996776EF
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ByteCharMultiWide
                                                                                                                                                                                      • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                      • API String ID: 626452242-27947307
                                                                                                                                                                                      • Opcode ID: ff563fd808d69f35f83569dbbc19b7f1e21c5d08308d418d8919d0e7ff1619ab
                                                                                                                                                                                      • Instruction ID: 0d5e00988aadbea750dcf7a87416e449d809141b83344e7ad1b7caf5271dac2d
                                                                                                                                                                                      • Opcode Fuzzy Hash: ff563fd808d69f35f83569dbbc19b7f1e21c5d08308d418d8919d0e7ff1619ab
                                                                                                                                                                                      • Instruction Fuzzy Hash: 69416D32A18B8282E630EF25B44016AF7FAFB84B94F984135DAAD47B94EF3CD451C710
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(?,00007FF799673699), ref: 00007FF799677B81
                                                                                                                                                                                        • Part of subcall function 00007FF799672620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF799677744,?,?,?,?,?,?,?,?,?,?,?,00007FF79967101D), ref: 00007FF799672654
                                                                                                                                                                                        • Part of subcall function 00007FF799672620: MessageBoxW.USER32 ref: 00007FF79967272C
                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(?,00007FF799673699), ref: 00007FF799677BF5
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ByteCharMultiWide$ErrorLastMessage
                                                                                                                                                                                      • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                      • API String ID: 3723044601-27947307
                                                                                                                                                                                      • Opcode ID: aced5f46d53ba3e30c592e5434d0d7ab1f54160dd14b943fd141642a19c75b6b
                                                                                                                                                                                      • Instruction ID: c824078db04d8ba7a6d76ae15dbc936f5b6e84e1b63cf3fb44b90d23f7e5b2ea
                                                                                                                                                                                      • Opcode Fuzzy Hash: aced5f46d53ba3e30c592e5434d0d7ab1f54160dd14b943fd141642a19c75b6b
                                                                                                                                                                                      • Instruction Fuzzy Hash: C7217C71A09B4285FA20EF36A840079B6B7EB88B84FD84576CA6E43794EF7DE551C310
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                      • String ID: f$p$p
                                                                                                                                                                                      • API String ID: 3215553584-1995029353
                                                                                                                                                                                      • Opcode ID: 8b43f30c9b627f105c9440690760d813b6cbc2015482011a3dd154e3df4de9b0
                                                                                                                                                                                      • Instruction ID: 1f1a71ee98f36a80f6aef0a51284f36c4e885c80b5c72fdfb15640155fd405a6
                                                                                                                                                                                      • Opcode Fuzzy Hash: 8b43f30c9b627f105c9440690760d813b6cbc2015482011a3dd154e3df4de9b0
                                                                                                                                                                                      • Instruction Fuzzy Hash: 371271A2E0C143C6FB347E76D154279F6B2EB82756FC84435E7AA466C4DA3CE5818B20
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ByteCharMultiWide
                                                                                                                                                                                      • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                                      • API String ID: 626452242-876015163
                                                                                                                                                                                      • Opcode ID: 290b57ca8453ae885af3ff2fc0035437ec55c1325ab119fe22c2f927501d8716
                                                                                                                                                                                      • Instruction ID: 8f214edc4514a6805941a47f19ed538f2d8c633251cbe1df22c28f565c6bc270
                                                                                                                                                                                      • Opcode Fuzzy Hash: 290b57ca8453ae885af3ff2fc0035437ec55c1325ab119fe22c2f927501d8716
                                                                                                                                                                                      • Instruction Fuzzy Hash: A2416B32A18B4282F630EF35A44017AA7BAFB48B94F945135DAAD47BA4EF3CD452C710
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 00007FF799677A30: MultiByteToWideChar.KERNEL32 ref: 00007FF799677A6A
                                                                                                                                                                                      • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF7996767CF,?,00000000,?,TokenIntegrityLevel), ref: 00007FF7996764DF
                                                                                                                                                                                        • Part of subcall function 00007FF799672770: MessageBoxW.USER32 ref: 00007FF799672841
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF79967653A
                                                                                                                                                                                      • LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF7996764B6
                                                                                                                                                                                      • LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF7996764F3
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2911881886.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                      • String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FF79967D19A,?,?,?,00007FF79967CE8C,?,?,00000001,00007FF79967CAA9), ref: 00007FF79967CF6D
                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,00007FF79967D19A,?,?,?,00007FF79967CE8C,?,?,00000001,00007FF79967CAA9), ref: 00007FF79967CF7B
                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FF79967D19A,?,?,?,00007FF79967CE8C,?,?,00000001,00007FF79967CAA9), ref: 00007FF79967CFA5
                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,?,?,00007FF79967D19A,?,?,?,00007FF79967CE8C,?,?,00000001,00007FF79967CAA9), ref: 00007FF79967CFEB
                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,?,?,00007FF79967D19A,?,?,?,00007FF79967CE8C,?,?,00000001,00007FF79967CAA9), ref: 00007FF79967CFF7
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2911881886.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                      • String ID: api-ms-
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32 ref: 00007FF799677A6A
                                                                                                                                                                                        • Part of subcall function 00007FF799672620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF799677744,?,?,?,?,?,?,?,?,?,?,?,00007FF79967101D), ref: 00007FF799672654
                                                                                                                                                                                        • Part of subcall function 00007FF799672620: MessageBoxW.USER32 ref: 00007FF79967272C
                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32 ref: 00007FF799677AF0
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2911881886.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ByteCharMultiWide$ErrorLastMessage
                                                                                                                                                                                      • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,00007FF799692433,?,?,?,00007FF79968CB8C,?,?,00000000,00007FF799683A5F,?,?,?,00007FF799689313), ref: 00007FF79968A62F
                                                                                                                                                                                      • FlsGetValue.KERNEL32(?,?,?,00007FF799692433,?,?,?,00007FF79968CB8C,?,?,00000000,00007FF799683A5F,?,?,?,00007FF799689313), ref: 00007FF79968A644
                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF799692433,?,?,?,00007FF79968CB8C,?,?,00000000,00007FF799683A5F,?,?,?,00007FF799689313), ref: 00007FF79968A665
                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF799692433,?,?,?,00007FF79968CB8C,?,?,00000000,00007FF799683A5F,?,?,?,00007FF799689313), ref: 00007FF79968A692
                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF799692433,?,?,?,00007FF79968CB8C,?,?,00000000,00007FF799683A5F,?,?,?,00007FF799689313), ref: 00007FF79968A6A3
                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF799692433,?,?,?,00007FF79968CB8C,?,?,00000000,00007FF799683A5F,?,?,?,00007FF799689313), ref: 00007FF79968A6B4
                                                                                                                                                                                      • SetLastError.KERNEL32(?,?,?,00007FF799692433,?,?,?,00007FF79968CB8C,?,?,00000000,00007FF799683A5F,?,?,?,00007FF799689313), ref: 00007FF79968A6CF
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2911881886.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Value$ErrorLast
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2911881886.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                      • String ID: CONOUT$
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,00007FF79968444D,?,?,?,?,00007FF79968DDA7,?,?,00000000,00007FF79968A8B6,?,?,?), ref: 00007FF79968A7A7
                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF79968444D,?,?,?,?,00007FF79968DDA7,?,?,00000000,00007FF79968A8B6,?,?,?), ref: 00007FF79968A7DD
                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF79968444D,?,?,?,?,00007FF79968DDA7,?,?,00000000,00007FF79968A8B6,?,?,?), ref: 00007FF79968A80A
                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF79968444D,?,?,?,?,00007FF79968DDA7,?,?,00000000,00007FF79968A8B6,?,?,?), ref: 00007FF79968A81B
                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF79968444D,?,?,?,?,00007FF79968DDA7,?,?,00000000,00007FF79968A8B6,?,?,?), ref: 00007FF79968A82C
                                                                                                                                                                                      • SetLastError.KERNEL32(?,?,?,00007FF79968444D,?,?,?,?,00007FF79968DDA7,?,?,00000000,00007FF79968A8B6,?,?,?), ref: 00007FF79968A847
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2911881886.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
• Associated: 00000000.00000002.2911853503.00007FF799670000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2911926351.00007FF79969A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2911963212.00007FF7996AD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2911963212.00007FF7996BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2912010188.00007FF7996BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Value$ErrorLast
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2506987500-0
                                                                                                                                                                                      • Opcode ID: f18d8f431814927885b9c894ece884b545559122ce24857c2491552e22e71327
                                                                                                                                                                                      • Instruction ID: 5df83c42c9f1df5862224c82ffc349bcf3d72941a2ea16f0cfe7e2f3e893981e
                                                                                                                                                                                      • Opcode Fuzzy Hash: f18d8f431814927885b9c894ece884b545559122ce24857c2491552e22e71327
                                                                                                                                                                                      • Instruction Fuzzy Hash: D8111834A0D642C2FA797F325A55179E1B35F55BB0BD44634D97E076D6EE2CA8028230
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                      • String ID: csm$f
                                                                                                                                                                                      • API String ID: 2395640692-629598281
                                                                                                                                                                                      • Opcode ID: 42fbbb83cedbe148bfcc1de87ea3e914151e174f0a46670c6939306692d2d31c
                                                                                                                                                                                      • Instruction ID: ff8f632eba6582de534bbb4c5b25ca9f2b9bb5762084c20fcc012411f0c243a8
                                                                                                                                                                                      • Opcode Fuzzy Hash: 42fbbb83cedbe148bfcc1de87ea3e914151e174f0a46670c6939306692d2d31c
                                                                                                                                                                                      • Instruction Fuzzy Hash: E451B432A0970286F774EF35D404A39B7B6FB45B88F908131DA6A47748DF3EE9418710
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                      • String ID: Unhandled exception in script
                                                                                                                                                                                      • API String ID: 3081866767-2699770090
                                                                                                                                                                                      • Opcode ID: 01a0bb9e98a22bc39d92f1d9306349b6b95e7735addeeef39cbdf51254e5f23a
                                                                                                                                                                                      • Instruction ID: 4aad9533128c2b7fd2fa26b7d8d5e179ec7ec655d1878852b9112b5b5da526f0
                                                                                                                                                                                      • Opcode Fuzzy Hash: 01a0bb9e98a22bc39d92f1d9306349b6b95e7735addeeef39cbdf51254e5f23a
                                                                                                                                                                                      • Instruction Fuzzy Hash: 13311826A09A8289EB24EF71E8552F9A3B2FF88794F800135EA5D4BB59DF3CD1458710
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetLastError.KERNEL32(00000000,00000000,00000000,00007FF799677744,?,?,?,?,?,?,?,?,?,?,?,00007FF79967101D), ref: 00007FF799672654
                                                                                                                                                                                        • Part of subcall function 00007FF7996774B0: GetLastError.KERNEL32(00000000,00007FF7996726A0), ref: 00007FF7996774D7
                                                                                                                                                                                        • Part of subcall function 00007FF7996774B0: FormatMessageW.KERNEL32(00000000,00007FF7996726A0), ref: 00007FF799677506
                                                                                                                                                                                        • Part of subcall function 00007FF799677A30: MultiByteToWideChar.KERNEL32 ref: 00007FF799677A6A
                                                                                                                                                                                      • MessageBoxW.USER32 ref: 00007FF79967272C
                                                                                                                                                                                      • MessageBoxA.USER32 ref: 00007FF799672748
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Message$ErrorLast$ByteCharFormatMultiWide
                                                                                                                                                                                      • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                      • API String ID: 2806210788-2410924014
                                                                                                                                                                                      • Opcode ID: bd2085b38ade222d48c53e4b242a54a19eedc60d0d0276a39b8304b5fd6b5430
                                                                                                                                                                                      • Instruction ID: 4966ea3d39accd05bf1668c54926c908baa1c8b0c422090da719c9a7e6978903
                                                                                                                                                                                      • Opcode Fuzzy Hash: bd2085b38ade222d48c53e4b242a54a19eedc60d0d0276a39b8304b5fd6b5430
                                                                                                                                                                                      • Instruction Fuzzy Hash: 7E31217662878291F630AF20E4517EAA3B6FB84784FC04036E69D47B99DF3CD245CB50
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                      • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                      • API String ID: 4061214504-1276376045
                                                                                                                                                                                      • Opcode ID: 611779d08fafb8db9f6fab045cd04065641a8af0ffd245d6ff06f44facfa83ea
                                                                                                                                                                                      • Instruction ID: 9738b7bfc7961fb854a5b2b908624a3026d39fe20d89d17cb6810a516e3c78e5
                                                                                                                                                                                      • Opcode Fuzzy Hash: 611779d08fafb8db9f6fab045cd04065641a8af0ffd245d6ff06f44facfa83ea
                                                                                                                                                                                      • Instruction Fuzzy Hash: 65F04965A19A0281FE30AF35A455339E372AF897A5FD40636DA7E456E4CF2CD489C320
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _set_statfp
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1156100317-0
                                                                                                                                                                                      • Opcode ID: 69d38c35bd33e64192705e47d806ebaffe6519085bb8d16871af39b095092657
                                                                                                                                                                                      • Instruction ID: 5273b52561b0eeae0844fd26ed9061ab117a3b0aa19a504c2cb5ad8c71c2bef7
                                                                                                                                                                                      • Opcode Fuzzy Hash: 69d38c35bd33e64192705e47d806ebaffe6519085bb8d16871af39b095092657
                                                                                                                                                                                      • Instruction Fuzzy Hash: D411E322E1CA0711F6B43934E64137994636F593F4FC402B1E97E0A6D6CE2CAC424171
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • FlsGetValue.KERNEL32(?,?,?,00007FF799689A73,?,?,00000000,00007FF799689D0E,?,?,?,?,?,00007FF7996821EC), ref: 00007FF79968A87F
                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF799689A73,?,?,00000000,00007FF799689D0E,?,?,?,?,?,00007FF7996821EC), ref: 00007FF79968A89E
                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF799689A73,?,?,00000000,00007FF799689D0E,?,?,?,?,?,00007FF7996821EC), ref: 00007FF79968A8C6
                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF799689A73,?,?,00000000,00007FF799689D0E,?,?,?,?,?,00007FF7996821EC), ref: 00007FF79968A8D7
                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF799689A73,?,?,00000000,00007FF799689D0E,?,?,?,?,?,00007FF7996821EC), ref: 00007FF79968A8E8
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Value
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3702945584-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,00007FF799692433,?,?,?,00007FF79968CB8C,?,?,00000000,00007FF799683A5F), ref: 00007FF79968A705
                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF799692433,?,?,?,00007FF79968CB8C,?,?,00000000,00007FF799683A5F), ref: 00007FF79968A724
                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF799692433,?,?,?,00007FF79968CB8C,?,?,00000000,00007FF799683A5F), ref: 00007FF79968A74C
                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF799692433,?,?,?,00007FF79968CB8C,?,?,00000000,00007FF799683A5F), ref: 00007FF79968A75D
                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF799692433,?,?,?,00007FF79968CB8C,?,?,00000000,00007FF799683A5F), ref: 00007FF79968A76E
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Value
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3702945584-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                      • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                      • API String ID: 3215553584-1196891531
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CallEncodePointerTranslator
                                                                                                                                                                                      • String ID: MOC$RCC
                                                                                                                                                                                      • API String ID: 3544855599-2084237596
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                      • String ID: csm$csm
                                                                                                                                                                                      • API String ID: 3896166516-3733052814
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                      • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                      • API String ID: 1878133881-2410924014
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(?,00007FF799673699), ref: 00007FF799673BD1
                                                                                                                                                                                        • Part of subcall function 00007FF799672620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF799677744,?,?,?,?,?,?,?,?,?,?,?,00007FF79967101D), ref: 00007FF799672654
                                                                                                                                                                                        • Part of subcall function 00007FF799672620: MessageBoxW.USER32 ref: 00007FF79967272C
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorFileLastMessageModuleName
                                                                                                                                                                                      • String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
                                                                                                                                                                                      • API String ID: 2581892565-1977442011
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2911881886.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2718003287-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2911881886.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1956198572-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2911881886.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                      • String ID: ?
                                                                                                                                                                                      • API String ID: 1286766494-1684325040
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • _invalid_parameter_noinfo.LIBCMT ref: 00007FF799687E9E
                                                                                                                                                                                        • Part of subcall function 00007FF799689E18: RtlFreeHeap.NTDLL(?,?,?,00007FF799691E42,?,?,?,00007FF799691E7F,?,?,00000000,00007FF799692345,?,?,?,00007FF799692277), ref: 00007FF799689E2E
                                                                                                                                                                                        • Part of subcall function 00007FF799689E18: GetLastError.KERNEL32(?,?,?,00007FF799691E42,?,?,?,00007FF799691E7F,?,?,00000000,00007FF799692345,?,?,?,00007FF799692277), ref: 00007FF799689E38
                                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF79967B105), ref: 00007FF799687EBC
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2911881886.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                      • String ID: C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                      • API String ID: 3580290477-1493852099
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2911881886.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorFileLastWrite
                                                                                                                                                                                      • String ID: U
                                                                                                                                                                                      • API String ID: 442123175-4171548499
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2911881886.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CurrentDirectory
                                                                                                                                                                                      • String ID: :
                                                                                                                                                                                      • API String ID: 1611563598-336475711
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2911881886.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                      • String ID: Error detected
                                                                                                                                                                                      • API String ID: 1878133881-3513342764
                                                                                                                                                                                      • Opcode ID: 412921116a21d042ea7cc01f3b6226aa372ad23cfa1aaecee88db1efd33321aa
                                                                                                                                                                                      • Instruction ID: 72a35d2578bfbd66debe4400ba3a1f86263eecf90689500c1563fe9fbb1934c9
                                                                                                                                                                                      • Opcode Fuzzy Hash: 412921116a21d042ea7cc01f3b6226aa372ad23cfa1aaecee88db1efd33321aa
                                                                                                                                                                                      • Instruction Fuzzy Hash: F621537262878191F630AF21E4517EAA375FB84788FC05136EA9D47699DF3CD205C760
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2911881886.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.2911853503.00007FF799670000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911926351.00007FF79969A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911963212.00007FF7996AD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911963212.00007FF7996BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2912010188.00007FF7996BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                      • String ID: Fatal error detected
                                                                                                                                                                                      • API String ID: 1878133881-4025702859
                                                                                                                                                                                      • Opcode ID: f7448773671dbda672e22a82cfe80c2e0aa70ed18289780b2b9e604a2b102c49
                                                                                                                                                                                      • Instruction ID: 370392ddde5b19fd3fd6f2c2f04d3a1aeec67d6fc58d05bf8affe2fa37159e22
                                                                                                                                                                                      • Opcode Fuzzy Hash: f7448773671dbda672e22a82cfe80c2e0aa70ed18289780b2b9e604a2b102c49
                                                                                                                                                                                      • Instruction Fuzzy Hash: AA21837262878191F630AF20E4517EAA375FB84788FC04136EA9D47A59DF3CD205C760
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2911881886.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.2911853503.00007FF799670000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911926351.00007FF79969A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911963212.00007FF7996AD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911963212.00007FF7996BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2912010188.00007FF7996BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                      • String ID: csm
                                                                                                                                                                                      • API String ID: 2573137834-1018135373
                                                                                                                                                                                      • Opcode ID: a9ac3328ea6075577af066dd04772514ea360050604432a87b0551bd96b2ca6b
                                                                                                                                                                                      • Instruction ID: b17b47fb378fbb744091bfc1783650c24abc21330beed59452ca14b197a67309
                                                                                                                                                                                      • Opcode Fuzzy Hash: a9ac3328ea6075577af066dd04772514ea360050604432a87b0551bd96b2ca6b
                                                                                                                                                                                      • Instruction Fuzzy Hash: ED113A36618B8182FB219F25F540269B7E6FB88B98F584230EE9C07B68DF3DD555CB00
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000000.00000002.2911881886.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      • Associated: 00000000.00000002.2911853503.00007FF799670000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911926351.00007FF79969A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911963212.00007FF7996AD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2911963212.00007FF7996BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000000.00000002.2912010188.00007FF7996BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                      • String ID: :
                                                                                                                                                                                      • API String ID: 2595371189-336475711
                                                                                                                                                                                      • Opcode ID: f8eec6a66f3a594e824ddea09938586a7cad5545a492e04bdbecb8d953b03adc
                                                                                                                                                                                      • Instruction ID: dde30b3fd0988479af6cf27e77e808aa52c3a0143abc28a05ff0c63f7916f321
                                                                                                                                                                                      • Opcode Fuzzy Hash: f8eec6a66f3a594e824ddea09938586a7cad5545a492e04bdbecb8d953b03adc
                                                                                                                                                                                      • Instruction Fuzzy Hash: 57018F22928602CAFB31BF7594612BEE3B1EF58788FC41035E66D82691DE2CE544DA64
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      • Associated: 00000001.00000002.2911344158.0000000061B00000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2911460298.0000000061B7F000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2911478424.0000000061B83000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2911507002.0000000061B84000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2911548166.0000000061B99000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2911569567.0000000061B9E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2911595706.0000000061BA0000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2911625399.0000000061BA4000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Err_Format
                                                                                                                                                                                      • String ID: %s (%d:%d)$000000$<frozen %U>$OOy#|i$__main__$__mp_main__$__spec__$hdinfo$keyinfo${*
                                                                                                                                                                                      • API String ID: 376477240-2716110574
                                                                                                                                                                                      • Opcode ID: 9b1ab26a11ad1bb2733ac7d68b91d98a4ba956d7b6fbf290d621237b3ae3ad02
                                                                                                                                                                                      • Instruction ID: 157978833c5d2ffdb28cf7d92e9e324c6d243f66cbc8371f25dfafb05c8d7ccf
                                                                                                                                                                                      • Opcode Fuzzy Hash: 9b1ab26a11ad1bb2733ac7d68b91d98a4ba956d7b6fbf290d621237b3ae3ad02
                                                                                                                                                                                      • Instruction Fuzzy Hash: B4A25C72205BC485EB198F66E8803993FA2FB8AF86F48D526DE9D47B64DF39C451C304

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      [Figure: control-flow graph of the function at 61b05e70; legend: Executed / Not Executed]
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • PySys_GetObject.PYTHON39 ref: 61B05E8E
                                                                                                                                                                                      • PyTuple_GetItem.PYTHON39 ref: 61B05EA8
                                                                                                                                                                                      • PyLong_AsLong.PYTHON39 ref: 61B05EBD
                                                                                                                                                                                      • PyTuple_GetItem.PYTHON39 ref: 61B05ECD
                                                                                                                                                                                      • PyLong_AsLong.PYTHON39 ref: 61B05EDB
                                                                                                                                                                                      • PySys_GetObject.PYTHON39 ref: 61B05EEA
                                                                                                                                                                                      • PyLong_AsVoidPtr.PYTHON39 ref: 61B05EF6
                                                                                                                                                                                      • GetProcAddress.KERNEL32 ref: 61B05F14
                                                                                                                                                                                      • GetProcAddress.KERNEL32 ref: 61B05F34
                                                                                                                                                                                      • GetProcAddress.KERNEL32 ref: 61B05F54
                                                                                                                                                                                      • PyModule_Create2.PYTHON39 ref: 61B05F80
                                                                                                                                                                                      • PyModule_GetName.PYTHON39 ref: 61B05F95
                                                                                                                                                                                      • strrchr.MSVCRT ref: 61B05FBA
                                                                                                                                                                                      • malloc.MSVCRT ref: 61B05FD0
                                                                                                                                                                                      • memcpy.MSVCRT ref: 61B05FEA
                                                                                                                                                                                      • PyBytes_FromStringAndSize.PYTHON39 ref: 61B0603D
                                                                                                                                                                                      • PyBytes_AsString.PYTHON39 ref: 61B06057
                                                                                                                                                                                      • malloc.MSVCRT ref: 61B0606B
                                                                                                                                                                                      • PyCMethod_New.PYTHON39 ref: 61B060B9
                                                                                                                                                                                      • PyCMethod_New.PYTHON39 ref: 61B060FF
                                                                                                                                                                                      • PyCMethod_New.PYTHON39 ref: 61B06145
                                                                                                                                                                                      • PyBytes_FromStringAndSize.PYTHON39 ref: 61B0616F
                                                                                                                                                                                      • PyBytes_AsString.PYTHON39 ref: 61B06185
                                                                                                                                                                                      • _time64.MSVCRT ref: 61B06262
                                                                                                                                                                                      • srand.MSVCRT ref: 61B0626A
                                                                                                                                                                                      • strstr.MSVCRT ref: 61B063EC
                                                                                                                                                                                      • strncmp.MSVCRT ref: 61B06422
                                                                                                                                                                                      • PyErr_Format.PYTHON39 ref: 61B0648F
                                                                                                                                                                                      • _Py_Dealloc.PYTHON39 ref: 61B064BB
                                                                                                                                                                                      • _Py_Dealloc.PYTHON39 ref: 61B064CA
                                                                                                                                                                                      • malloc.MSVCRT ref: 61B064F5
                                                                                                                                                                                      • free.MSVCRT ref: 61B06564
                                                                                                                                                                                      • malloc.MSVCRT ref: 61B06570
                                                                                                                                                                                      • memcpy.MSVCRT ref: 61B06593
                                                                                                                                                                                      • free.MSVCRT ref: 61B065BE
                                                                                                                                                                                      • malloc.MSVCRT ref: 61B065CA
                                                                                                                                                                                      • memcpy.MSVCRT ref: 61B065ED
                                                                                                                                                                                      • _Py_Dealloc.PYTHON39 ref: 61B06614
                                                                                                                                                                                      • PyErr_Format.PYTHON39 ref: 61B06899
                                                                                                                                                                                        • Part of subcall function 61B1B860: memcmp.MSVCRT ref: 61B1C150
                                                                                                                                                                                        • Part of subcall function 61B1B860: memcmp.MSVCRT ref: 61B1C172
                                                                                                                                                                                        • Part of subcall function 61B1B860: memcmp.MSVCRT ref: 61B1C192
                                                                                                                                                                                        • Part of subcall function 61B1B860: memcmp.MSVCRT ref: 61B1C1B2
                                                                                                                                                                                        • Part of subcall function 61B1B860: memcmp.MSVCRT ref: 61B1C1D2
                                                                                                                                                                                        • Part of subcall function 61B1B860: memcmp.MSVCRT ref: 61B1C1F2
                                                                                                                                                                                        • Part of subcall function 61B1B860: memcmp.MSVCRT ref: 61B1C212
                                                                                                                                                                                        • Part of subcall function 61B1B860: memcmp.MSVCRT ref: 61B1BEA3
                                                                                                                                                                                        • Part of subcall function 61B1B860: memcmp.MSVCRT ref: 61B1BEC3
                                                                                                                                                                                        • Part of subcall function 61B1B860: memcmp.MSVCRT ref: 61B1BEE5
                                                                                                                                                                                        • Part of subcall function 61B1B860: memcmp.MSVCRT ref: 61B1BF05
                                                                                                                                                                                        • Part of subcall function 61B1B860: memcmp.MSVCRT ref: 61B1BF25
                                                                                                                                                                                        • Part of subcall function 61B1B860: memcmp.MSVCRT ref: 61B1BF45
                                                                                                                                                                                        • Part of subcall function 61B1B860: memcmp.MSVCRT ref: 61B1BF65
                                                                                                                                                                                        • Part of subcall function 61B1B860: memcmp.MSVCRT ref: 61B1BF85
                                                                                                                                                                                        • Part of subcall function 61B1B860: strcmp.MSVCRT ref: 61B1B8CB
                                                                                                                                                                                        • Part of subcall function 61B1B860: strcmp.MSVCRT ref: 61B1B8F5
                                                                                                                                                                                        • Part of subcall function 61B1B860: strcmp.MSVCRT ref: 61B1B914
                                                                                                                                                                                        • Part of subcall function 61B1B860: strcmp.MSVCRT ref: 61B1B933
                                                                                                                                                                                        • Part of subcall function 61B1B860: strcmp.MSVCRT ref: 61B1B952
                                                                                                                                                                                        • Part of subcall function 61B1B860: strcmp.MSVCRT ref: 61B1B96D
                                                                                                                                                                                        • Part of subcall function 61B1B860: strcmp.MSVCRT ref: 61B1B988
                                                                                                                                                                                        • Part of subcall function 61B1B860: strcmp.MSVCRT ref: 61B1B9A3
                                                                                                                                                                                        • Part of subcall function 61B1B860: strcmp.MSVCRT ref: 61B1BB6B
                                                                                                                                                                                        • Part of subcall function 61B1B860: strcmp.MSVCRT ref: 61B1BB8F
                                                                                                                                                                                        • Part of subcall function 61B1B860: strcmp.MSVCRT ref: 61B1BBAB
                                                                                                                                                                                        • Part of subcall function 61B1B860: strcmp.MSVCRT ref: 61B1BBCA
                                                                                                                                                                                        • Part of subcall function 61B1B860: strcmp.MSVCRT ref: 61B1BBE9
                                                                                                                                                                                        • Part of subcall function 61B1B860: strcmp.MSVCRT ref: 61B1BC04
                                                                                                                                                                                        • Part of subcall function 61B1B860: strcmp.MSVCRT ref: 61B1BC1F
                                                                                                                                                                                        • Part of subcall function 61B1B860: strcmp.MSVCRT ref: 61B1BC3A
                                                                                                                                                                                        • Part of subcall function 61B1B860: strcmp.MSVCRT ref: 61B1BA1B
                                                                                                                                                                                        • Part of subcall function 61B1B860: strcmp.MSVCRT ref: 61B1BA45
                                                                                                                                                                                        • Part of subcall function 61B1B860: strcmp.MSVCRT ref: 61B1BA64
                                                                                                                                                                                        • Part of subcall function 61B1B860: strcmp.MSVCRT ref: 61B1BA83
                                                                                                                                                                                        • Part of subcall function 61B1B860: strcmp.MSVCRT ref: 61B1BAA2
                                                                                                                                                                                        • Part of subcall function 61B1B860: strcmp.MSVCRT ref: 61B1BABD
                                                                                                                                                                                        • Part of subcall function 61B1B860: strcmp.MSVCRT ref: 61B1BAD8
                                                                                                                                                                                        • Part of subcall function 61B1B860: strcmp.MSVCRT ref: 61B1BAF3
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
• Associated: 00000001.00000002.2911344158.0000000061B00000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000001.00000002.2911460298.0000000061B7F000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000001.00000002.2911478424.0000000061B83000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000001.00000002.2911507002.0000000061B84000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000001.00000002.2911548166.0000000061B99000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000001.00000002.2911569567.0000000061B9E000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000001.00000002.2911595706.0000000061BA0000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000001.00000002.2911625399.0000000061BA4000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: strcmp$memcmp$malloc$Bytes_String$AddressDeallocLong_Method_Procmemcpy$Err_FormatFromItemLongModule_ObjectSizeSys_Tuple_free$Create2NameVoid_time64srandstrncmpstrrchrstrstr
                                                                                                                                                                                      • String ID: %s (%d:%d)$000000$9*$C_ASSERT_ARMORED_INDEX$C_ENTER_CO_OBJECT_INDEX$C_LEAVE_CO_OBJECT_INDEX$PyCell_Get$PyCell_New$PyCell_Set$aes$dllhandle$failed to get api %s$pyarmor_runtime_$sha256$sprng$version_info
                                                                                                                                                                                      • API String ID: 1407845306-1569967034
                                                                                                                                                                                      • Opcode ID: 3256bb439fac195dcaac9ca37934e80807b31e89a84ebadc07d2a8e2871b38ed
                                                                                                                                                                                      • Instruction ID: bf1f1d517f674da8726701b0166ee13e9f3f5abcebd80d3c0281abe7ed5815f9
                                                                                                                                                                                      • Opcode Fuzzy Hash: 3256bb439fac195dcaac9ca37934e80807b31e89a84ebadc07d2a8e2871b38ed
                                                                                                                                                                                      • Instruction Fuzzy Hash: C952B032301BC085FB18CB16E89479D3BA6FB8AB85F499526CE5D477A0DF39D192C300

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914051498.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
• Associated: 00000001.00000002.2913966908.00007FF799670000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2914079249.00007FF79969A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2914103850.00007FF7996AD000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2914103850.00007FF7996B0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2914103850.00007FF7996BC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2914192435.00007FF7996BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1617910340-0
                                                                                                                                                                                      • Opcode ID: f9714f3a8e10acd42ca2d2c5b2c2c8a966f4ca54d5d677232d284773bb45134f
                                                                                                                                                                                      • Instruction ID: 76c5159c61e54c6556610012250eb58183f845362fea9be6cddc1d9cc7974633
                                                                                                                                                                                      • Opcode Fuzzy Hash: f9714f3a8e10acd42ca2d2c5b2c2c8a966f4ca54d5d677232d284773bb45134f
                                                                                                                                                                                      • Instruction Fuzzy Hash: D1C1A136B28A4186FB20EF79C4906BC7772FB49BA8B811225DE2E57795CF39D055C310

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: free$memcmp$malloc
                                                                                                                                                                                      • String ID: hash != NULL$key != NULL$sig != NULL$src/pk/rsa/rsa_verify_hash.c$stat != NULL
                                                                                                                                                                                      • API String ID: 2896619906-237625700
                                                                                                                                                                                      • Opcode ID: f62710dfa5047b8be358565e27639724d05ee2872defeb148e5b3f6399cf663b
                                                                                                                                                                                      • Instruction ID: dd91e0590c2925831473277797e347cfbc76b04df85af443c2c4fe0c3dc43fca
                                                                                                                                                                                      • Opcode Fuzzy Hash: f62710dfa5047b8be358565e27639724d05ee2872defeb148e5b3f6399cf663b
                                                                                                                                                                                      • Instruction Fuzzy Hash: 96B1BB322086C18AEB25CF52E4457CEBBA1F7C8B88F058415DE8947B9CDBBEC549CB40

                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914051498.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _fread_nolock$Message_invalid_parameter_noinfo
                                                                                                                                                                                      • String ID: Cannot read Table of Contents.$Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$fread$fseek$malloc
                                                                                                                                                                                      • API String ID: 2153230061-4158440160
                                                                                                                                                                                      • Opcode ID: d41db9dafb006d6988dc9b8f9816cab54491ab02da0be31d1dc74b9ff1bd58df
                                                                                                                                                                                      • Instruction ID: 1520e5281ff2c77a7063f22a4efbb2fe4d32ca804f443b4e6700fccbcb388c44
                                                                                                                                                                                      • Opcode Fuzzy Hash: d41db9dafb006d6988dc9b8f9816cab54491ab02da0be31d1dc74b9ff1bd58df
                                                                                                                                                                                      • Instruction Fuzzy Hash: 89514C72A1970286FB64EF38D454178B3B2EB48B48B918136DA2D87799DF3CE541C760
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: a != NULL$b != NULL$c != NULL$d != NULL$src/math/tfm_desc.c
                                                                                                                                                                                      • API String ID: 0-1480740242
                                                                                                                                                                                      • Opcode ID: 1451852c553e1c08558ee9e4e3625b285a01856f0a5fe4665244bdf1d1192c45
                                                                                                                                                                                      • Instruction ID: 1fe6b53d353eda252f316e30b3dd988bcd037233a97710f5bcdca1a637a25b2e
                                                                                                                                                                                      • Opcode Fuzzy Hash: 1451852c553e1c08558ee9e4e3625b285a01856f0a5fe4665244bdf1d1192c45
                                                                                                                                                                                      • Instruction Fuzzy Hash: 399217717165C685FE1C87B5D5823E82636FB89B88F89E015CC19433B8DB6EC2A6CF10

                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914051498.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Message
                                                                                                                                                                                      • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                      • API String ID: 2030045667-3659356012
                                                                                                                                                                                      • Opcode ID: cb37c7c555a097e53503e66ae81f7768bf9fe455ebe18429d4774cd0b372096b
                                                                                                                                                                                      • Instruction ID: 62d1080928c1f2fd2ba1252469e17ace3cf6550700a41940ae2740a5f9e9959a
                                                                                                                                                                                      • Opcode Fuzzy Hash: cb37c7c555a097e53503e66ae81f7768bf9fe455ebe18429d4774cd0b372096b
                                                                                                                                                                                      • Instruction Fuzzy Hash: B0416A22A0974281FA34FF25E4056BAE3B2EB44794FD54432DE6D47B55EE3CE5828720

                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 00007FF799673BA0: GetModuleFileNameW.KERNEL32(?,00007FF799673699), ref: 00007FF799673BD1
                                                                                                                                                                                      • SetDllDirectoryW.KERNEL32 ref: 00007FF7996738A5
                                                                                                                                                                                        • Part of subcall function 00007FF799676990: GetEnvironmentVariableW.KERNEL32(00007FF7996736E7), ref: 00007FF7996769CA
                                                                                                                                                                                        • Part of subcall function 00007FF799676990: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF7996769E7
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914051498.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Environment$DirectoryExpandFileModuleNameStringsVariable
                                                                                                                                                                                      • String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$MEI$_MEIPASS2$_PYI_ONEDIR_MODE
                                                                                                                                                                                      • API String ID: 2344891160-3602715111
                                                                                                                                                                                      • Opcode ID: cd4524d5a1e723f4ec6554e8458012df770fbe15868bce12bb4c051718225b0b
                                                                                                                                                                                      • Instruction ID: 17648c3f57edaf7d73939be241e71ec42d2b6b071b4714ccadf525874e1cfd54
                                                                                                                                                                                      • Opcode Fuzzy Hash: cd4524d5a1e723f4ec6554e8458012df770fbe15868bce12bb4c051718225b0b
                                                                                                                                                                                      • Instruction Fuzzy Hash: A4B18F21A1C78355FA70BF31A9516FDA2B2BF44784FC0013AEA6D47796EE2CE6048730

                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914051498.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      • Associated: 00000001.00000002.2913966908.00007FF799670000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2914079249.00007FF79969A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2914103850.00007FF7996AD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2914103850.00007FF7996B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2914103850.00007FF7996BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2914192435.00007FF7996BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Message
                                                                                                                                                                                      • String ID: 1.2.13$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                      • API String ID: 2030045667-1655038675
                                                                                                                                                                                      • Opcode ID: fdf4f037b0c515b4f8b70e1854daf35ae58318cf6e65c931a18ebb070cc540bc
                                                                                                                                                                                      • Instruction ID: f57c4f518c918a6e20799b0583e1d9bb7b7502fd1792ec44fdb04e568c8c42f8
                                                                                                                                                                                      • Opcode Fuzzy Hash: fdf4f037b0c515b4f8b70e1854daf35ae58318cf6e65c931a18ebb070cc540bc
                                                                                                                                                                                      • Instruction Fuzzy Hash: A551B332A0978285FA30BF71E4403BAA2B2FB84798F954136DE6D47795EE3CE585C710

                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914051498.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      • Associated: 00000001.00000002.2913966908.00007FF799670000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2914079249.00007FF79969A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2914103850.00007FF7996AD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2914103850.00007FF7996B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2914103850.00007FF7996BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2914192435.00007FF7996BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                      • Opcode ID: 6f2067f9e2b798d7e4aa60285487f192dd8020c4dcad372bd04a148e1f9d7242
                                                                                                                                                                                      • Instruction ID: 86794c04b9ad55259dcab2fc59ee1da035b8b22dfdb04dc0f5ab28f01c238609
                                                                                                                                                                                      • Opcode Fuzzy Hash: 6f2067f9e2b798d7e4aa60285487f192dd8020c4dcad372bd04a148e1f9d7242
                                                                                                                                                                                      • Instruction Fuzzy Hash: C1C1B232A1C686C2F671AF36A4502BDFBB2EBC5B80F990131DA6D07791DE7DE4458320

                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914051498.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      • Associated: 00000001.00000002.2913966908.00007FF799670000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2914079249.00007FF79969A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2914103850.00007FF7996AD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2914103850.00007FF7996B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2914103850.00007FF7996BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2914192435.00007FF7996BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1452418845-0
                                                                                                                                                                                      • Opcode ID: 90a7fcc3a81af5bf04ad81541e301d7d9fb9f11ea0fdd18d74326f9016f6428e
                                                                                                                                                                                      • Instruction ID: ef98173b451e7d1330a28b0dce26b1527f427888adae5cffd3e70a97cbe7e631
                                                                                                                                                                                      • Opcode Fuzzy Hash: 90a7fcc3a81af5bf04ad81541e301d7d9fb9f11ea0fdd18d74326f9016f6428e
                                                                                                                                                                                      • Instruction Fuzzy Hash: 4C31F321E0D20285FA74BF75A4153B9A2B3AF91784FC94035EA3E4B3D7DE2CE8459271

                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914051498.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      • Associated: 00000001.00000002.2913966908.00007FF799670000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2914079249.00007FF79969A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2914103850.00007FF7996AD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2914103850.00007FF7996B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2914103850.00007FF7996BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2914192435.00007FF7996BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1279662727-0
                                                                                                                                                                                      • Opcode ID: 8a464286a4aee93ad09e46d96520f5fa22b2a313ca22bba1db5411dbdbef7e96
                                                                                                                                                                                      • Instruction ID: f762ca71b1e01dd6d4904cb3212db958e1fba7dc521749b55fee4a5eaa0534a8
                                                                                                                                                                                      • Opcode Fuzzy Hash: 8a464286a4aee93ad09e46d96520f5fa22b2a313ca22bba1db5411dbdbef7e96
                                                                                                                                                                                      • Instruction Fuzzy Hash: 4D418323D1878183F764AF329510379E2B2FB997A4F509334E6AC03AD5DF6CA5E08710
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914051498.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      • Associated: 00000001.00000002.2913966908.00007FF799670000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2914079249.00007FF79969A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2914103850.00007FF7996AD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2914103850.00007FF7996B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2914103850.00007FF7996BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2914192435.00007FF7996BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                      • Opcode ID: bd665411d6c8cb657e02e9163d495b47fe1eb31481a6a537198dee777c004d3e
                                                                                                                                                                                      • Instruction ID: 359c939177313f5bf838d56d762ae192c8cfef23f85c4250f8bf1fe814172ced
                                                                                                                                                                                      • Opcode Fuzzy Hash: bd665411d6c8cb657e02e9163d495b47fe1eb31481a6a537198dee777c004d3e
                                                                                                                                                                                      • Instruction Fuzzy Hash: 0C51A961B0974286FA74AE3A9400A7AE2B2BF44BB4F944735DE7D477CACF3CD4018620
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SetFilePointerEx.KERNEL32(?,?,?,?,00000000,00007FF79968B79D), ref: 00007FF79968B650
                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,00000000,00007FF79968B79D), ref: 00007FF79968B65A
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914051498.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      • Associated: 00000001.00000002.2913966908.00007FF799670000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2914079249.00007FF79969A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2914103850.00007FF7996AD000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2914103850.00007FF7996B0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2914103850.00007FF7996BC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2914192435.00007FF7996BE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorFileLastPointer
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2976181284-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • RtlFreeHeap.NTDLL(?,?,?,00007FF799691E42,?,?,?,00007FF799691E7F,?,?,00000000,00007FF799692345,?,?,?,00007FF799692277), ref: 00007FF799689E2E
                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,00007FF799691E42,?,?,?,00007FF799691E7F,?,?,00000000,00007FF799692345,?,?,?,00007FF799692277), ref: 00007FF799689E38
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorFreeHeapLast
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 485612231-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,00007FF799689EA5,?,?,00000000,00007FF799689F5A), ref: 00007FF79968A096
                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,00007FF799689EA5,?,?,00000000,00007FF799689F5A), ref: 00007FF79968A0A0
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CloseErrorHandleLast
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 918212764-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _fread_nolock
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 840049012-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914051498.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914051498.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3215553584-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 00007FF799677A30: MultiByteToWideChar.KERNEL32 ref: 00007FF799677A6A
                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(?,?,00000000,00007FF7996730BE), ref: 00007FF7996771D3
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914051498.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ByteCharLibraryLoadMultiWide
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2592636585-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • HeapAlloc.KERNEL32(?,?,00000000,00007FF79968A8B6,?,?,?,00007FF799689A73,?,?,00000000,00007FF799689D0E), ref: 00007FF79968DD95
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914051498.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AllocHeap
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 4292702814-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • HeapAlloc.KERNEL32(?,?,?,00007FF79967FE44,?,?,?,00007FF799681356,?,?,?,?,?,00007FF799682949), ref: 00007FF79968CB0A
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914051498.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AllocHeap
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 4292702814-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • bad marshal data (index list too large), xrefs: 61B0AAC2
                                                                                                                                                                                      • EOF read where object expected, xrefs: 61B0B0CF
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Err_$AppendList_OccurredString
                                                                                                                                                                                      • String ID: EOF read where object expected$bad marshal data (index list too large)
                                                                                                                                                                                      • API String ID: 2605687773-1134984
                                                                                                                                                                                      • Opcode ID: d20bc11967a0df7eeceb4dafc404b8bc1cdd865c79c0078c75228aff31a60ded
                                                                                                                                                                                      • Instruction ID: 2d8e99c94c955a3e5ad6f9b4cca318c99481a50957bc89571da1349c892b77b5
                                                                                                                                                                                      • Opcode Fuzzy Hash: d20bc11967a0df7eeceb4dafc404b8bc1cdd865c79c0078c75228aff31a60ded
                                                                                                                                                                                      • Instruction Fuzzy Hash: 4F12AD7220ABD086EB69CB66E45435E7BA5FB89B86F09C919CE9D47754EF3CC404CB00
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914051498.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSend$Window$Create$Move$ObjectSelect$#380BaseClientDialogDrawFontIndirectInfoParametersRectReleaseSystemTextUnits
                                                                                                                                                                                      • String ID: BUTTON$Close$EDIT$Failed to execute script '%ls' due to unhandled exception: %ls$STATIC
                                                                                                                                                                                      • API String ID: 2446303242-1601438679
                                                                                                                                                                                      • Opcode ID: 47b3578659853d453a5822a751c8e2f63cfdf798862dd1eeebf7592aa26dc86d
                                                                                                                                                                                      • Instruction ID: 8efebc3e1171f3e2d67e87de0389b4b7f97b33dabfed5e3396ae1e20e574dc68
                                                                                                                                                                                      • Opcode Fuzzy Hash: 47b3578659853d453a5822a751c8e2f63cfdf798862dd1eeebf7592aa26dc86d
                                                                                                                                                                                      • Instruction Fuzzy Hash: 49A17A36208B8187E724DF21E55479AB3B1F788B94F90412AEB9D43B24CF3DE1A5CB50
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • exceptions must derive from BaseException, xrefs: 61B10861
                                                                                                                                                                                      • calling %R should have returned an instance of BaseException, not %R, xrefs: 61B10AEA
                                                                                                                                                                                      • exception causes must derive from BaseException, xrefs: 61B108CA
                                                                                                                                                                                      • No active exception to reraise, xrefs: 61B10AB7
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Err_$DeallocState_StringThread$CheckExceptionFunctionResultTopmost
                                                                                                                                                                                      • String ID: No active exception to reraise$calling %R should have returned an instance of BaseException, not %R$exception causes must derive from BaseException$exceptions must derive from BaseException
                                                                                                                                                                                      • API String ID: 1467829791-3751834042
                                                                                                                                                                                      • Opcode ID: aebefd4a7ea844a460234a8d876653139166e11ed65c1779bd90bf9bf74eac3b
                                                                                                                                                                                      • Instruction ID: 7e7922426b9d7e76f363fb328cb47f23560ecff9d32d6c58889e73d61fd2f8d8
                                                                                                                                                                                      • Opcode Fuzzy Hash: aebefd4a7ea844a460234a8d876653139166e11ed65c1779bd90bf9bf74eac3b
                                                                                                                                                                                      • Instruction Fuzzy Hash: C181AD72709A9085FB094F6AE9563A97B62F786FD4F0D9421DF4A87728DF39C062C340
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • _snprintf.MSVCRT ref: 61B11EFC
                                                                                                                                                                                      • CreateFileA.KERNEL32 ref: 61B11F30
                                                                                                                                                                                      • GlobalAlloc.KERNEL32 ref: 61B11F4A
                                                                                                                                                                                      • DeviceIoControl.KERNEL32 ref: 61B11FC4
                                                                                                                                                                                      • GlobalFree.KERNEL32 ref: 61B11FDA
                                                                                                                                                                                      • _snprintf.MSVCRT ref: 61B12017
                                                                                                                                                                                      • CreateFileA.KERNEL32 ref: 61B12044
                                                                                                                                                                                      • GlobalAlloc.KERNEL32 ref: 61B12065
                                                                                                                                                                                      • GlobalAlloc.KERNEL32 ref: 61B12074
                                                                                                                                                                                      • DeviceIoControl.KERNEL32 ref: 61B120BC
                                                                                                                                                                                      • GlobalFree.KERNEL32 ref: 61B120D5
                                                                                                                                                                                      • GlobalFree.KERNEL32 ref: 61B120DA
                                                                                                                                                                                      • CloseHandle.KERNEL32 ref: 61B120E4
                                                                                                                                                                                      • GlobalFree.KERNEL32 ref: 61B12106
                                                                                                                                                                                        • Part of subcall function 61B11B60: GetLastError.KERNEL32 ref: 61B11B64
                                                                                                                                                                                        • Part of subcall function 61B11B60: FormatMessageA.KERNEL32 ref: 61B11B95
                                                                                                                                                                                        • Part of subcall function 61B11B60: LocalFree.KERNEL32 ref: 61B11BB6
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Global$Free$Alloc$ControlCreateDeviceFile_snprintf$CloseErrorFormatHandleLastLocalMessage
                                                                                                                                                                                      • String ID: ../src/platforms/windows/hdinfo.c$/%d:$Empty serial number$SCSIDISK$\\.\PhysicalDrive%d$\\.\Scsi%d
                                                                                                                                                                                      • API String ID: 1119308327-3953537554
                                                                                                                                                                                      • Opcode ID: 9816c2723dc3a8214be3b09bf30df43bc1ed0df298bfd870376ac801cd2761ab
                                                                                                                                                                                      • Instruction ID: cb82978e4087179368a5e8d8e7d1879d4b0de90882f7ee9a7848302fd451922a
                                                                                                                                                                                      • Opcode Fuzzy Hash: 9816c2723dc3a8214be3b09bf30df43bc1ed0df298bfd870376ac801cd2761ab
                                                                                                                                                                                      • Instruction Fuzzy Hash: 1751133130468586E714DB62F81478B3B66F78ABE8F584225AF5A47BD8CF3DC556C304
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorLast$Cleanup$closesocketntohlsetsockopt$Startupgethostbynamehtonsrecvfromsendtosocket
                                                                                                                                                                                      • String ID: and,$http://$or,
                                                                                                                                                                                      • API String ID: 1750001962-2642771825
                                                                                                                                                                                      • Opcode ID: e681eac9eee50f18a619eeb7615204cfab5a51c810bb91e8385e42ee89cfb7d2
                                                                                                                                                                                      • Instruction ID: 6ae9db57c80ceb6f0f608a69dc14f6f4709141a617c7acf7f8311a24d7a45105
                                                                                                                                                                                      • Opcode Fuzzy Hash: e681eac9eee50f18a619eeb7615204cfab5a51c810bb91e8385e42ee89cfb7d2
                                                                                                                                                                                      • Instruction Fuzzy Hash: 9A51803120978086E7149B65F81439ABBA1F789BB4F184329EBA847BE8DF7DC455CB40
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Err_Format$malloc
                                                                                                                                                                                      • String ID: %s (%d:%d)
                                                                                                                                                                                      • API String ID: 1817594650-1595188566
                                                                                                                                                                                      • Opcode ID: 4402b5b3f3da27668814f07db669554e403f3b2f8977d6c90200be4ce10281a3
                                                                                                                                                                                      • Instruction ID: d7ead3f36fc20aab2bd9600cdaf0289c3de5cbbe44b71f73df05e49420d5a9a2
                                                                                                                                                                                      • Opcode Fuzzy Hash: 4402b5b3f3da27668814f07db669554e403f3b2f8977d6c90200be4ce10281a3
                                                                                                                                                                                      • Instruction Fuzzy Hash: 13E18E713057C091FF2D8B6AD4903A96F61FB8AB8AF48D516CE9E4B751DF2AC191C300
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CloseHandleisxdigitmemset$ControlCreateDeviceFileisprintmemcpywsprintf
                                                                                                                                                                                      • String ID: /%d:$\\.\PhysicalDrive%d
                                                                                                                                                                                      • API String ID: 2355516209-72258043
                                                                                                                                                                                      • Opcode ID: 539e0980b89c655e506ea7fcab5d8ac614b65f2fb97a52885634a194a2c3adcd
                                                                                                                                                                                      • Instruction ID: ba70bdf5610265abe11b235b78ad599b6f4773da65ded49ab53bb079925f3ecc
                                                                                                                                                                                      • Opcode Fuzzy Hash: 539e0980b89c655e506ea7fcab5d8ac614b65f2fb97a52885634a194a2c3adcd
                                                                                                                                                                                      • Instruction Fuzzy Hash: C951E47220C6C085E714CB36A88175B7BA2FBC3798F188255EEA547B9CDB7DC149C740
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Cryptclock$Context$Acquire$RandomRelease
                                                                                                                                                                                      • String ID: ($Microsoft Base Cryptographic Provider v1.0$out != NULL$src/prngs/rng_get_bytes.c
                                                                                                                                                                                      • API String ID: 2525729555-3762154145
                                                                                                                                                                                      • Opcode ID: 664029c3a03ce603981a67e03d759ef43b739e561f25fe8be545134a9185594b
                                                                                                                                                                                      • Instruction ID: bd5aa807cc7c4628d4cb9857e61ba6e15ff8c2353238977866f1f35c1fa32f3f
                                                                                                                                                                                      • Opcode Fuzzy Hash: 664029c3a03ce603981a67e03d759ef43b739e561f25fe8be545134a9185594b
                                                                                                                                                                                      • Instruction Fuzzy Hash: 4A31C772218AD0C5E714EB66E8403AA7AB5F789BD4F49D425DE4943724DF7BC446C340
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914592961.00007FFDFAFC1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDFAFC0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfafc0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: EnvironmentVariable$ByteCharMultiWide
                                                                                                                                                                                      • String ID: .rnd$HOME$RANDFILE$SYSTEMROOT$USERPROFILE
                                                                                                                                                                                      • API String ID: 2184640988-1666712896
                                                                                                                                                                                      • Opcode ID: 45285921c275070c670ca49d0546862358ccffd5776fb92ec22702d428bfbd5c
                                                                                                                                                                                      • Instruction ID: 91c2f4458b1c1c3a6839b0615171552380e9327c2856552766003b095141979c
                                                                                                                                                                                      • Opcode Fuzzy Hash: 45285921c275070c670ca49d0546862358ccffd5776fb92ec22702d428bfbd5c
                                                                                                                                                                                      • Instruction Fuzzy Hash: 6761B723B09B8346EB149F25946057A6791FF49BA8B588235EE7D47BE8DF3DE005C300
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914267094.00007FFDFAEA1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAEA0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfaea0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Mem_$Malloc$DeallocErr_FreeMemory
                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                      • API String ID: 1635361834-4108050209
                                                                                                                                                                                      • Opcode ID: 5a26e20e75cb925fbbc9c56ae8020c188d100fa82e418ab62db65b67776e16e2
                                                                                                                                                                                      • Instruction ID: 10bd35d72d627182c72fa4ec231027eb51e7f43d885e906e628c85110efff340
                                                                                                                                                                                      • Opcode Fuzzy Hash: 5a26e20e75cb925fbbc9c56ae8020c188d100fa82e418ab62db65b67776e16e2
                                                                                                                                                                                      • Instruction Fuzzy Hash: F5E1D3B6B0C65385EB68AB15D428E7937A5FF64740F1445B1EA6F8A6C8DF3EE840C700
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914592961.00007FFDFAFC1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDFAFC0000, based on PE: true
                                                                                                                                                                                      • Associated: 00000001.00000002.2915055494.00007FFDFB307000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfafc0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 313767242-0
                                                                                                                                                                                      • Opcode ID: 544d81e5d0bf66c33f804bb133da19342079062bac93336a06aa1597cb30c435
                                                                                                                                                                                      • Instruction ID: 5338f69ffefef489a6b6b4a7b4e43727de15a13118c08adc1d7f70f53074fcfd
                                                                                                                                                                                      • Opcode Fuzzy Hash: 544d81e5d0bf66c33f804bb133da19342079062bac93336a06aa1597cb30c435
                                                                                                                                                                                      • Instruction Fuzzy Hash: 6C312372706B8296EB649F60E8507ED7364FB44748F484439DA9E47AE8DF3CD548C710
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914267094.00007FFDFAEA1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAEA0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfaea0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 313767242-0
                                                                                                                                                                                      • Opcode ID: d9e6df729bf43983b28923cb177ae3541e73e5dfa40f51ce2d15500382af1989
                                                                                                                                                                                      • Instruction ID: c8117b95ed82edbdcb4ed2cbea8f68031bd3056991d0446675c805ae0eaac316
                                                                                                                                                                                      • Opcode Fuzzy Hash: d9e6df729bf43983b28923cb177ae3541e73e5dfa40f51ce2d15500382af1989
                                                                                                                                                                                      • Instruction Fuzzy Hash: AD316FB6709B8286EB649F60E8A07ED7360FB55744F444039DA5E4BBD8DF39D548C700
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • RtlCaptureContext.KERNEL32 ref: 61B7D414
                                                                                                                                                                                      • RtlLookupFunctionEntry.KERNEL32 ref: 61B7D42B
                                                                                                                                                                                      • RtlVirtualUnwind.KERNEL32 ref: 61B7D46D
                                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32 ref: 61B7D4B1
                                                                                                                                                                                      • UnhandledExceptionFilter.KERNEL32 ref: 61B7D4BE
                                                                                                                                                                                      • GetCurrentProcess.KERNEL32 ref: 61B7D4C4
                                                                                                                                                                                      • TerminateProcess.KERNEL32 ref: 61B7D4D2
                                                                                                                                                                                      • abort.MSVCRT ref: 61B7D4D8
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentEntryFunctionLookupTerminateUnwindVirtualabort
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 4278921479-0
                                                                                                                                                                                      • Opcode ID: 565b4dba366b93dfe5723ea80be56f87d20ac07c4d9203be2a11d40ce13b90f1
                                                                                                                                                                                      • Instruction ID: 24a07919d90983fe8eb262763da414d11cd95f28c468d95535ec3116b44cb4b4
                                                                                                                                                                                      • Opcode Fuzzy Hash: 565b4dba366b93dfe5723ea80be56f87d20ac07c4d9203be2a11d40ce13b90f1
                                                                                                                                                                                      • Instruction Fuzzy Hash: B321F375210F0495EB049B65F8807D937A6FB0AB94F58A92AEA4E47724EF3AC166C340
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914267094.00007FFDFAEA1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAEA0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfaea0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Mem_$Free$DataErr_FromKindMallocMemoryReallocUnicode_
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 857045822-0
                                                                                                                                                                                      • Opcode ID: 132545a872591c33b0f38a43d07c0a6304a613e13b36cdfa53bc8be909f7a12d
                                                                                                                                                                                      • Instruction ID: c2c58760ea3cfd6aba32f4ea12ce2344857b22361370697a44b1283fcde494c2
                                                                                                                                                                                      • Opcode Fuzzy Hash: 132545a872591c33b0f38a43d07c0a6304a613e13b36cdfa53bc8be909f7a12d
                                                                                                                                                                                      • Instruction Fuzzy Hash: A80203B2B0865282EB6CAB14D474EB966A1EF95740F1441B1DAAF4E7C8DE3FE844D300
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914051498.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3140674995-0
                                                                                                                                                                                      • Opcode ID: 24fff5600ca101af0e2334446d678d156eb325a0e0e0c0538aba544f51e330ab
                                                                                                                                                                                      • Instruction ID: a9708fb7a3e633e3eb38e7d45f224c5d3cb3a5af0e966f563d7cd089b86e752e
                                                                                                                                                                                      • Opcode Fuzzy Hash: 24fff5600ca101af0e2334446d678d156eb325a0e0e0c0538aba544f51e330ab
                                                                                                                                                                                      • Instruction Fuzzy Hash: 4031FB76609B8186EB70AF74E8803E9A3B5FB84748F84443ADA5D47B98DF39D548C720
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF799694E65
                                                                                                                                                                                        • Part of subcall function 00007FF7996947B8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7996947CC
                                                                                                                                                                                        • Part of subcall function 00007FF799689E18: RtlFreeHeap.NTDLL(?,?,?,00007FF799691E42,?,?,?,00007FF799691E7F,?,?,00000000,00007FF799692345,?,?,?,00007FF799692277), ref: 00007FF799689E2E
                                                                                                                                                                                        • Part of subcall function 00007FF799689E18: GetLastError.KERNEL32(?,?,?,00007FF799691E42,?,?,?,00007FF799691E7F,?,?,00000000,00007FF799692345,?,?,?,00007FF799692277), ref: 00007FF799689E38
                                                                                                                                                                                        • Part of subcall function 00007FF799689DD0: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF799689DAF,?,?,?,?,?,00007FF7996821EC), ref: 00007FF799689DD9
                                                                                                                                                                                        • Part of subcall function 00007FF799689DD0: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF799689DAF,?,?,?,?,?,00007FF7996821EC), ref: 00007FF799689DFE
                                                                                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF799694E54
                                                                                                                                                                                        • Part of subcall function 00007FF799694818: _invalid_parameter_noinfo.LIBCMT ref: 00007FF79969482C
                                                                                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF7996950CA
                                                                                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF7996950DB
                                                                                                                                                                                      • _get_daylight.LIBCMT ref: 00007FF7996950EC
                                                                                                                                                                                      • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF79969532C), ref: 00007FF799695113
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914051498.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 4070488512-0
                                                                                                                                                                                      • Opcode ID: a9f1dad40c5644c1829df854b35cf2cff202b4769108a1d535aac39d904cb9be
                                                                                                                                                                                      • Instruction ID: d0c64f92b03ce063efc61caa5fbfd9126005503111557e4eeace3bce4477d8ee
                                                                                                                                                                                      • Opcode Fuzzy Hash: a9f1dad40c5644c1829df854b35cf2cff202b4769108a1d535aac39d904cb9be
                                                                                                                                                                                      • Instruction Fuzzy Hash: 78D1AD26A1825286FB34BF36D4501B9A7B3FF89794FC44136EA2D47785EE3CE4418760
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914051498.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1239891234-0
                                                                                                                                                                                      • Opcode ID: 4204087c2144b4154cc610f07160e172692864cccd6c23e577d201b1c5d7dbdf
                                                                                                                                                                                      • Instruction ID: e02bac7b03dbe61250b26fd3c13de4a0cf2c8a16a0d12732deda991ae49560da
                                                                                                                                                                                      • Opcode Fuzzy Hash: 4204087c2144b4154cc610f07160e172692864cccd6c23e577d201b1c5d7dbdf
                                                                                                                                                                                      • Instruction Fuzzy Hash: AE315D36618B8186EB709F35E8402AEB3B5FB89758F940136EAAD43B95DF38D145CB10
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914051498.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2227656907-0
                                                                                                                                                                                      • Opcode ID: 0bdd7a8416f1e28eb8c09c6b5c037a8b7871395a979be626bc7410ef92a9cb5d
                                                                                                                                                                                      • Instruction ID: 626e5933edbde6d71bf49e8fefc7ece27d86cf5c8d2fa147fde69814f6b31543
                                                                                                                                                                                      • Opcode Fuzzy Hash: 0bdd7a8416f1e28eb8c09c6b5c037a8b7871395a979be626bc7410ef92a9cb5d
                                                                                                                                                                                      • Instruction Fuzzy Hash: F8B1A322B1869281FA70AF3694041B9E3B2EF45BE4FD45172EE6E47B89DE3CE441C350
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914592961.00007FFDFAFC1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDFAFC0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfafc0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: memmove$memset
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3790616698-0
                                                                                                                                                                                      • Opcode ID: 5c27fcc7b015d44772e24548af3a7e83aa402ed56b7fba7a99915febce0b760f
                                                                                                                                                                                      • Instruction ID: 6b8d44b3ad11ffa7f2c77faf73f3b022d9ef014df27b0c1debe8595577eb4363
                                                                                                                                                                                      • Opcode Fuzzy Hash: 5c27fcc7b015d44772e24548af3a7e83aa402ed56b7fba7a99915febce0b760f
                                                                                                                                                                                      • Instruction Fuzzy Hash: 6551B133B1A7868ADB10CB16E45066EABA5FB49BD4F444135EEAD477E9CE3CE501C700
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914592961.00007FFDFAFC1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDFAFC0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfafc0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorLastbind
                                                                                                                                                                                      • String ID: ..\s\crypto\bio\b_sock2.c
                                                                                                                                                                                      • API String ID: 2328862993-3200932406
                                                                                                                                                                                      • Opcode ID: 8475ffe534be1b52f8a83a963f2585e8110bc00f71c71f802b4263a764d0a002
                                                                                                                                                                                      • Instruction ID: 82aa73f83b8cb085d51381c6eb4c6714968a8d3660196c507c34695118a57588
                                                                                                                                                                                      • Opcode Fuzzy Hash: 8475ffe534be1b52f8a83a963f2585e8110bc00f71c71f802b4263a764d0a002
                                                                                                                                                                                      • Instruction Fuzzy Hash: DB219F31F0954286E710DB26E814AAD6360FB85B98F414231EA7C47BEDDF3CE6558B00
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: NtSetInformationThread$ntdll.dll
                                                                                                                                                                                      • API String ID: 0-3743287242
                                                                                                                                                                                      • Opcode ID: 274c879afbb5b6e5a5d495ebab3918bc64e79a8a5d3795ddb7a66c415120be98
                                                                                                                                                                                      • Instruction ID: 06f2ab34a2e6b676a108ac505a51ada70cf988f46cc73f37c5afbf63a685ecde
                                                                                                                                                                                      • Opcode Fuzzy Hash: 274c879afbb5b6e5a5d495ebab3918bc64e79a8a5d3795ddb7a66c415120be98
                                                                                                                                                                                      • Instruction Fuzzy Hash: FDF01C39314A4885EBA4EB45FC503853BA5F39DB98F481225EA9C83B74DF6DC262CB00
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911569567.0000000061B9E000.00000004.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: e7d872c72239e51e91a853d1f2c6d10a77eedfd4674f578da79534aaa2f153f9
                                                                                                                                                                                      • Instruction ID: 5e7f2f1cef42c61c1dd0cf8b006f4354d8196b341844097bbd9eae6740158c0f
                                                                                                                                                                                      • Opcode Fuzzy Hash: e7d872c72239e51e91a853d1f2c6d10a77eedfd4674f578da79534aaa2f153f9
                                                                                                                                                                                      • Instruction Fuzzy Hash: D4C08CAB9ADBE00DD32AC9E08C1E0183F09D293910728846FAB2007690E70424128281
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914592961.00007FFDFAFC1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDFAFC0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfafc0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 7c56cf6a6487dceeb00cd67b5ea337eb2185dad23aeb4fdd049dd72e8a09a134
                                                                                                                                                                                      • Instruction ID: a2435efe32b3cf1ef9499514209df7f51bac7e86e00274acf1a9541d7d4d9411
                                                                                                                                                                                      • Opcode Fuzzy Hash: 7c56cf6a6487dceeb00cd67b5ea337eb2185dad23aeb4fdd049dd72e8a09a134
                                                                                                                                                                                      • Instruction Fuzzy Hash: 52A002F8B15556296F6403615251B7406431A493C6CE29470A47A115984B1CB550A550
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914051498.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AddressProc
                                                                                                                                                                                      • String ID: Failed to get address for PyDict_GetItemString$Failed to get address for PyErr_Clear$Failed to get address for PyErr_Fetch$Failed to get address for PyErr_NormalizeException$Failed to get address for PyErr_Occurred$Failed to get address for PyErr_Print$Failed to get address for PyErr_Restore$Failed to get address for PyEval_EvalCode$Failed to get address for PyImport_AddModule$Failed to get address for PyImport_ExecCodeModule$Failed to get address for PyImport_ImportModule$Failed to get address for PyList_Append$Failed to get address for PyList_New$Failed to get address for PyLong_AsLong$Failed to get address for PyMarshal_ReadObjectFromString$Failed to get address for PyMem_RawFree$Failed to get address for PyModule_GetDict$Failed to get address for PyObject_CallFunction$Failed to get address for PyObject_CallFunctionObjArgs$Failed to get address for PyObject_GetAttrString$Failed to get address for PyObject_SetAttrString$Failed to get address for PyObject_Str$Failed to get address for PyRun_SimpleStringFlags$Failed to get address for PySys_AddWarnOption$Failed to get address for PySys_GetObject$Failed to get address for PySys_SetArgvEx$Failed to get address for PySys_SetObject$Failed to get address for PySys_SetPath$Failed to get address for PyUnicode_AsUTF8$Failed to get address for PyUnicode_Decode$Failed to get address for PyUnicode_DecodeFSDefault$Failed to get address for PyUnicode_FromFormat$Failed to get address for PyUnicode_FromString$Failed to get address for PyUnicode_Join$Failed to get address for PyUnicode_Replace$Failed to get address for Py_BuildValue$Failed to get address for Py_DecRef$Failed to get address for Py_DecodeLocale$Failed to get address for Py_DontWriteBytecodeFlag$Failed to get address for Py_FileSystemDefaultEncoding$Failed to get address for Py_Finalize$Failed to get address for Py_FrozenFlag$Failed to get address for Py_GetPath$Failed to get address for Py_IgnoreEnvironmentFlag$Failed to get address for Py_IncRef$Failed to get address for Py_Initialize$Failed to get address for Py_NoSiteFlag$Failed to get address for Py_NoUserSiteDirectory$Failed to get address for Py_OptimizeFlag$Failed to get address for Py_SetPath$Failed to get address for Py_SetProgramName$Failed to get address for Py_SetPythonHome$Failed to get address for Py_UTF8Mode$Failed to get address for Py_UnbufferedStdioFlag$Failed to get address for Py_VerboseFlag$GetProcAddress$PyDict_GetItemString$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyList_New$PyLong_AsLong$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyRun_SimpleStringFlags$PySys_AddWarnOption$PySys_GetObject$PySys_SetArgvEx$PySys_SetObject$PySys_SetPath$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_BuildValue$Py_DecRef$Py_DecodeLocale$Py_DontWriteBytecodeFlag$Py_FileSystemDefaultEncoding$Py_Finalize$Py_FrozenFlag$Py_GetPath$Py_IgnoreEnvironmentFlag$Py_IncRef$Py_Initialize$Py_NoSiteFlag$Py_NoUserSiteDirectory$Py_OptimizeFlag$Py_SetPath$Py_SetProgramName$Py_SetPythonHome$Py_UTF8Mode$Py_UnbufferedStdioFlag$Py_VerboseFlag
                                                                                                                                                                                      • API String ID: 190572456-3109299426
                                                                                                                                                                                      • Opcode ID: 67747be8a076f706c1c9372e7d2496993eaa02b7082083ef588a9e8b618be952
                                                                                                                                                                                      • Instruction ID: af28a62bc28cbfff440a094cc9098a9a928246895e0df10b99074c1d16a3e3b6
                                                                                                                                                                                      • Opcode Fuzzy Hash: 67747be8a076f706c1c9372e7d2496993eaa02b7082083ef588a9e8b618be952
                                                                                                                                                                                      • Instruction Fuzzy Hash: 40426F64A0EB0791FA75FF34B854174A2B3AF88794BC85176C92E06364EF7CF6589220
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914051498.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                      • String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$LOADER: Failed to load tcl/tk libraries$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • fwrite.MSVCRT ref: 61B128AE
                                                                                                                                                                                        • Part of subcall function 61B12530: strlen.MSVCRT ref: 61B12553
                                                                                                                                                                                      • fprintf.MSVCRT ref: 61B128E7
                                                                                                                                                                                      • fputc.MSVCRT ref: 61B12919
                                                                                                                                                                                        • Part of subcall function 61B11BD0: GetProcessHeap.KERNEL32 ref: 61B11BF3
                                                                                                                                                                                        • Part of subcall function 61B11BD0: HeapAlloc.KERNEL32 ref: 61B11C07
                                                                                                                                                                                        • Part of subcall function 61B11BD0: GetAdaptersAddresses.IPHLPAPI ref: 61B11C2C
                                                                                                                                                                                        • Part of subcall function 61B11BD0: GetProcessHeap.KERNEL32 ref: 61B11C9F
                                                                                                                                                                                        • Part of subcall function 61B11BD0: HeapFree.KERNEL32 ref: 61B11CA9
                                                                                                                                                                                      • fprintf.MSVCRT ref: 61B12948
                                                                                                                                                                                        • Part of subcall function 61B119E0: GetProcessHeap.KERNEL32 ref: 61B11A01
                                                                                                                                                                                        • Part of subcall function 61B119E0: HeapAlloc.KERNEL32 ref: 61B11A16
                                                                                                                                                                                        • Part of subcall function 61B119E0: memcpy.MSVCRT ref: 61B11A8C
                                                                                                                                                                                        • Part of subcall function 61B119E0: GetProcessHeap.KERNEL32 ref: 61B11AAA
                                                                                                                                                                                        • Part of subcall function 61B119E0: HeapFree.KERNEL32 ref: 61B11AB5
                                                                                                                                                                                      • fputc.MSVCRT ref: 61B1297B
                                                                                                                                                                                        • Part of subcall function 61B11D60: GetProcessHeap.KERNEL32 ref: 61B11D83
                                                                                                                                                                                        • Part of subcall function 61B11D60: HeapAlloc.KERNEL32 ref: 61B11D97
                                                                                                                                                                                        • Part of subcall function 61B11D60: GetAdaptersAddresses.IPHLPAPI ref: 61B11DBF
                                                                                                                                                                                        • Part of subcall function 61B11D60: inet_ntoa.WS2_32 ref: 61B11DF7
                                                                                                                                                                                        • Part of subcall function 61B11D60: GetProcessHeap.KERNEL32 ref: 61B11E12
                                                                                                                                                                                        • Part of subcall function 61B11D60: HeapFree.KERNEL32 ref: 61B11E1C
                                                                                                                                                                                      • fprintf.MSVCRT ref: 61B129AA
                                                                                                                                                                                      • fputc.MSVCRT ref: 61B129BE
                                                                                                                                                                                        • Part of subcall function 61B12160: GetProcessHeap.KERNEL32 ref: 61B1217B
                                                                                                                                                                                        • Part of subcall function 61B12160: HeapAlloc.KERNEL32 ref: 61B1218F
                                                                                                                                                                                        • Part of subcall function 61B12160: GetNetworkParams.IPHLPAPI ref: 61B121C7
                                                                                                                                                                                        • Part of subcall function 61B12160: GetProcessHeap.KERNEL32 ref: 61B121E9
                                                                                                                                                                                        • Part of subcall function 61B12160: HeapFree.KERNEL32 ref: 61B121F3
                                                                                                                                                                                      • fprintf.MSVCRT ref: 61B129ED
                                                                                                                                                                                      • fwrite.MSVCRT ref: 61B12A0E
                                                                                                                                                                                      • strchr.MSVCRT ref: 61B12A3B
                                                                                                                                                                                      • fwrite.MSVCRT ref: 61B12A73
                                                                                                                                                                                      • fprintf.MSVCRT ref: 61B12A9B
                                                                                                                                                                                      • strchr.MSVCRT ref: 61B12AA8
                                                                                                                                                                                      • fprintf.MSVCRT ref: 61B12AC9
                                                                                                                                                                                      • fputc.MSVCRT ref: 61B12AE2
                                                                                                                                                                                      • fwrite.MSVCRT ref: 61B12B03
                                                                                                                                                                                      • malloc.MSVCRT ref: 61B12B0D
                                                                                                                                                                                      • fwrite.MSVCRT ref: 61B12EA7
                                                                                                                                                                                      • fwrite.MSVCRT ref: 61B12EC8
                                                                                                                                                                                      • fwrite.MSVCRT ref: 61B12EE9
                                                                                                                                                                                      • fwrite.MSVCRT ref: 61B12F0A
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • Hardware informations got by PyArmor:, xrefs: 61B12896
                                                                                                                                                                                      • Ip address: "%s", xrefs: 61B1299D
                                                                                                                                                                                      • "%s", xrefs: 61B12A7D, 61B12ABC
                                                                                                                                                                                      • Multiple Mac addresses: "<, xrefs: 61B12AEE
                                                                                                                                                                                      • Failed to get domain name., xrefs: 61B12EF5
                                                                                                                                                                                      • %02x, xrefs: 61B12E1D
                                                                                                                                                                                      • %02x:, xrefs: 61B12DBE
                                                                                                                                                                                      • >", xrefs: 61B12E67
                                                                                                                                                                                      • Failed to get harddisk information., xrefs: 61B12E92
                                                                                                                                                                                      • Failed to get mac address., xrefs: 61B12EB3
                                                                                                                                                                                      • Serial number of default harddisk: "%s", xrefs: 61B128DA
                                                                                                                                                                                      • Serial number with disk name: , xrefs: 61B12A5E
                                                                                                                                                                                      • Domain name: "%s", xrefs: 61B129E0
                                                                                                                                                                                      • Default Mac address: "%s", xrefs: 61B1293B
                                                                                                                                                                                      • Change logsv6.2.0(r21): Remove trailing dot from harddisk serial numberv6.4.2(r34): Support binding multiple mac addressesv6.5.3(r37): Support binding named harddiskv6.7.5(r45): Support mmc/sd card in Linux, xrefs: 61B129F9
                                                                                                                                                                                      • Failed to get ip address., xrefs: 61B12ED4
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
• Associated: 00000001.00000002.2911344158.0000000061B00000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000001.00000002.2911460298.0000000061B7F000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000001.00000002.2911478424.0000000061B83000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000001.00000002.2911507002.0000000061B84000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000001.00000002.2911548166.0000000061B99000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000001.00000002.2911569567.0000000061B9E000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000001.00000002.2911595706.0000000061BA0000.00000008.00000001.01000000.00000008.sdmp
• Associated: 00000001.00000002.2911625399.0000000061BA4000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Heap$Processfwrite$fprintf$AllocFreefputc$AdaptersAddressesstrchr$NetworkParamsinet_ntoamallocmemcpystrlen
                                                                                                                                                                                      • String ID: "%s"$Change logsv6.2.0(r21): Remove trailing dot from harddisk serial numberv6.4.2(r34): Support binding multiple mac addressesv6.5.3(r37): Support binding named harddiskv6.7.5(r45): Support mmc/sd card in Linux$%02x$%02x:$>"$Default Mac address: "%s"$Domain name: "%s"$Failed to get domain name.$Failed to get harddisk information.$Failed to get ip address.$Failed to get mac address.$Hardware informations got by PyArmor:$Ip address: "%s"$Multiple Mac addresses: "<$Serial number of default harddisk: "%s"$Serial number with disk name:
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorLast$ioctlsockettoupper$Cleanupstrstr$closesocketgethostbynamememcmp$Startup_mktime64connecthtonsrecvselectsendsocketstrchr
                                                                                                                                                                                      • String ID: Dec$HEAD /%s HTTP/1.1Host: %sUser-Agent: PYARMOR.COREConnection: close$Nov$and,$http://$or,
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • cannot import name %R from partially initialized module %R (most likely due to a circular import) (%S), xrefs: 61B079B5
                                                                                                                                                                                      • %U.%U, xrefs: 61B078E2
                                                                                                                                                                                      • <unknown module name>, xrefs: 61B07808
                                                                                                                                                                                      • cannot import name %R from %R (%S), xrefs: 61B0799A
                                                                                                                                                                                      • cannot import name %R from %R (unknown location), xrefs: 61B07855
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AttrErr_Object_Tuple_$ClearDeallocErrorFilenameFromImportLookupModule_ObjectSizeStringUnicode_
                                                                                                                                                                                      • String ID: %U.%U$<unknown module name>$cannot import name %R from %R (%S)$cannot import name %R from %R (unknown location)$cannot import name %R from partially initialized module %R (most likely due to a circular import) (%S)
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • bad marshal data (long size out of range), xrefs: 61B0A97C
                                                                                                                                                                                      • bad marshal data (digit out of range in long), xrefs: 61B09670
                                                                                                                                                                                      • bad marshal data (unnormalized long data), xrefs: 61B0AA1D
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Err_$Occurred$Long_String
                                                                                                                                                                                      • String ID: bad marshal data (digit out of range in long)$bad marshal data (long size out of range)$bad marshal data (unnormalized long data)
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: fwrite$Err_MemoryPy_hashtable_destroyPy_hashtable_new_full
                                                                                                                                                                                      • String ID: too many objects
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • too many positional arguments, xrefs: 61B114B4
                                                                                                                                                                                      • Can't remove argname from kwargs, xrefs: 61B112A6
                                                                                                                                                                                      • missing kwonly required arguments, xrefs: 61B1144A
                                                                                                                                                                                      • missing required positional arguments, xrefs: 61B111C1
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Dict_Err_ItemString$DeallocTuple_
                                                                                                                                                                                      • String ID: Can't remove argname from kwargs$missing kwonly required arguments$missing required positional arguments$too many positional arguments
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • too many values to unpack (expected %d), xrefs: 61B0FDE4
                                                                                                                                                                                      • cannot unpack non-iterable %.200s object, xrefs: 61B0FE81
                                                                                                                                                                                      • not enough values to unpack (expected %d, got %d), xrefs: 61B0FEAD
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Err_$DeallocFormatIter_Next$CheckExceptionIterMatchesObject_OccurredSequence_
                                                                                                                                                                                      • String ID: cannot unpack non-iterable %.200s object$not enough values to unpack (expected %d, got %d)$too many values to unpack (expected %d)
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • PyErr_Occurred.PYTHON39 ref: 61B09764
                                                                                                                                                                                      • PyThreadState_Get.PYTHON39 ref: 61B09F23
                                                                                                                                                                                      • _Py_CheckFunctionResult.PYTHON39 ref: 61B09F6E
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • bad marshal data (index list too large), xrefs: 61B0ABB7
                                                                                                                                                                                      • bad marshal data (set size out of range), xrefs: 61B0A6B4
                                                                                                                                                                                      • NULL object in marshal data for set, xrefs: 61B0AB62
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CheckErr_FunctionOccurredResultState_Thread
                                                                                                                                                                                      • String ID: NULL object in marshal data for set$bad marshal data (index list too large)$bad marshal data (set size out of range)
                                                                                                                                                                                      • API String ID: 3239669425-600355161
                                                                                                                                                                                      • Opcode ID: f8fe88504f486383cece80157f09810dfb8ae224ec1cc20761054d90b08bcfbe
                                                                                                                                                                                      • Instruction ID: 9963891ee206362b072890b75f8feec9bb60d742fad6c1885389d28dc6d72daf
                                                                                                                                                                                      • Opcode Fuzzy Hash: f8fe88504f486383cece80157f09810dfb8ae224ec1cc20761054d90b08bcfbe
                                                                                                                                                                                      • Instruction Fuzzy Hash: 6B71A032205BD081EA6CCB66E49435E3BA6F786B92F08DE25CE5E437A4DF79C445CB40
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: fwrite$Err_String
                                                                                                                                                                                      • String ID: too many objects
                                                                                                                                                                                      • API String ID: 4210527972-4209268247
                                                                                                                                                                                      • Opcode ID: 83116498ad8f340bf45f9a9299a0df317b399b65d5ae10a86c4b0f04fc9a711f
                                                                                                                                                                                      • Instruction ID: bb56bdfd509abbdd596c34c5efd41b3c0570625e0aaea404d1add80f7bd455fc
                                                                                                                                                                                      • Opcode Fuzzy Hash: 83116498ad8f340bf45f9a9299a0df317b399b65d5ae10a86c4b0f04fc9a711f
                                                                                                                                                                                      • Instruction Fuzzy Hash: 17129EB2601B8486EB18CFA9E04078D7BB5F749FE8F548216DE6D17798DB39C592C380
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914592961.00007FFDFAFC1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDFAFC0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfafc0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: strspn$strncmp
                                                                                                                                                                                      • String ID: $ $ ,$..\s\crypto\pem\pem_lib.c$DEK-Info:$ENCRYPTED$Proc-Type:
                                                                                                                                                                                      • API String ID: 1384302209-3505811795
                                                                                                                                                                                      • Opcode ID: 7985cfdb996600f2f998fb0a24256cf60aa534b4d69326ebc210f6f3ee5533b5
                                                                                                                                                                                      • Instruction ID: 78d6d2a2913fdfde2bbab257a27ba9d972bf783b9f900427e6ce2c272021c1a4
                                                                                                                                                                                      • Opcode Fuzzy Hash: 7985cfdb996600f2f998fb0a24256cf60aa534b4d69326ebc210f6f3ee5533b5
                                                                                                                                                                                      • Instruction Fuzzy Hash: 2691F162F0E64392F7248B12B424A793790EF15788F644034DAAD876E9EF3CE64AC744
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • _PyFloat_Unpack8.PYTHON39 ref: 61B07CD1
                                                                                                                                                                                      • PyBuffer_FillInfo.PYTHON39 ref: 61B07D26
                                                                                                                                                                                      • PyMemoryView_FromBuffer.PYTHON39 ref: 61B07D34
                                                                                                                                                                                      • _PyObject_CallMethodId_SizeT.PYTHON39 ref: 61B07D54
                                                                                                                                                                                      • PyNumber_AsSsize_t.PYTHON39 ref: 61B07D73
                                                                                                                                                                                      • PyErr_SetString.PYTHON39 ref: 61B07EA1
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • read() returned too much data: %zd bytes requested, %zd returned, xrefs: 61B07E75
                                                                                                                                                                                      • marshal data too short, xrefs: 61B07E97
                                                                                                                                                                                      • EOF read where not expected, xrefs: 61B07E02
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: BufferBuffer_CallErr_FillFloat_FromInfoMemoryMethodNumber_Object_SizeSsize_tStringUnpack8View_
                                                                                                                                                                                      • String ID: EOF read where not expected$marshal data too short$read() returned too much data: %zd bytes requested, %zd returned
                                                                                                                                                                                      • API String ID: 3670709071-4172231876
                                                                                                                                                                                      • Opcode ID: d019913f847f30c8bebc26232874b0bcaac65057597a46339c6c8c21ec22e92a
                                                                                                                                                                                      • Instruction ID: 4a0d8fb1c443eb6e95440cb5a16b19eb135dd627b585dbdf6798abc8f50d1190
                                                                                                                                                                                      • Opcode Fuzzy Hash: d019913f847f30c8bebc26232874b0bcaac65057597a46339c6c8c21ec22e92a
                                                                                                                                                                                      • Instruction Fuzzy Hash: 4851A272305A80C1FB488F6AE8447986B76F746FA6F089B15CAAD077E4DF79C496C340
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • PyBuffer_FillInfo.PYTHON39 ref: 61B07F56
                                                                                                                                                                                      • PyMemoryView_FromBuffer.PYTHON39 ref: 61B07F64
                                                                                                                                                                                      • _PyObject_CallMethodId_SizeT.PYTHON39 ref: 61B07F84
                                                                                                                                                                                      • PyNumber_AsSsize_t.PYTHON39 ref: 61B07FA3
                                                                                                                                                                                      • PyErr_SetString.PYTHON39 ref: 61B080D1
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • read() returned too much data: %zd bytes requested, %zd returned, xrefs: 61B080A5
                                                                                                                                                                                      • marshal data too short, xrefs: 61B080C7
                                                                                                                                                                                      • EOF read where not expected, xrefs: 61B08032
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: BufferBuffer_CallErr_FillFromInfoMemoryMethodNumber_Object_SizeSsize_tStringView_
                                                                                                                                                                                      • String ID: EOF read where not expected$marshal data too short$read() returned too much data: %zd bytes requested, %zd returned
                                                                                                                                                                                      • API String ID: 3120701247-4172231876
                                                                                                                                                                                      • Opcode ID: a60dcc3c046527dd03de6037672a6fa17c5b757ae78aedfb4145044aacaebb37
                                                                                                                                                                                      • Instruction ID: 3cc6df1538f21b2c13066cb3c83a0349c8e19e1894826a9acb6c546913db5d8b
                                                                                                                                                                                      • Opcode Fuzzy Hash: a60dcc3c046527dd03de6037672a6fa17c5b757ae78aedfb4145044aacaebb37
                                                                                                                                                                                      • Instruction Fuzzy Hash: E441A331306A80C1FE089B6AE84434C6761F74AFB9F189B29DA6D477E4EF79C556C340
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • PyBuffer_FillInfo.PYTHON39 ref: 61B082B2
                                                                                                                                                                                      • PyMemoryView_FromBuffer.PYTHON39 ref: 61B082C0
                                                                                                                                                                                      • _PyObject_CallMethodId_SizeT.PYTHON39 ref: 61B082E0
                                                                                                                                                                                      • PyNumber_AsSsize_t.PYTHON39 ref: 61B08302
                                                                                                                                                                                      • PyErr_Occurred.PYTHON39 ref: 61B0831B
                                                                                                                                                                                      • PyErr_Format.PYTHON39 ref: 61B0834A
                                                                                                                                                                                      • PyErr_SetString.PYTHON39 ref: 61B083F3
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • read() returned too much data: %zd bytes requested, %zd returned, xrefs: 61B08340
                                                                                                                                                                                      • marshal data too short, xrefs: 61B083E7
                                                                                                                                                                                      • EOF read where not expected, xrefs: 61B083C7
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Err_$BufferBuffer_CallFillFormatFromInfoMemoryMethodNumber_Object_OccurredSizeSsize_tStringView_
                                                                                                                                                                                      • String ID: EOF read where not expected$marshal data too short$read() returned too much data: %zd bytes requested, %zd returned
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Dealloc$CallCheckErr_Object_Signals
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • ../src/platforms/windows/hdinfo.c, xrefs: 61B11D27
                                                                                                                                                                                      • %02x:%02x:%02x:%02x:%02x:%02x, xrefs: 61B11C69
                                                                                                                                                                                      • Too small size, xrefs: 61B11D20
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Heap$Process$AdaptersAddressesAllocFree
                                                                                                                                                                                      • String ID: %02x:%02x:%02x:%02x:%02x:%02x$../src/platforms/windows/hdinfo.c$Too small size
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914592961.00007FFDFAFC1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDFAFC0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfafc0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Event$FileSource$ByteCharDeregisterHandleMultiRegisterReportTypeWideWrite__stdio_common_vsprintf__stdio_common_vswprintf
                                                                                                                                                                                      • String ID: $OpenSSL$OpenSSL: FATAL$no stack?
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914267094.00007FFDFAEA1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAEA0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfaea0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Unicode_$Equal$Arg_Ready$ArgumentCheckMallocMem_Positional
                                                                                                                                                                                      • String ID: argument 1$argument 2$invalid normalization form$normalize$str
                                                                                                                                                                                      • API String ID: 3725739812-4140678229
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • Invalid type for op_build, xrefs: 61B0FB4C
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: List_$DeallocDict_$ExtendTuple_Update
                                                                                                                                                                                      • String ID: Invalid type for op_build
                                                                                                                                                                                      • API String ID: 3794787204-1006902009
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • Too many format strings, xrefs: 61B10DDD
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Dealloc$Err_FormatObject_StringUnicode_
                                                                                                                                                                                      • String ID: Too many format strings
                                                                                                                                                                                      • API String ID: 3094464462-2091874682
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: DictDict_Err_Eval_FormatFrameFunction_ItemModule_SelfStringUnicode_
                                                                                                                                                                                      • String ID: %s (%d:%d)$__dict__$__pyarmor__$protection exception (%d)
                                                                                                                                                                                      • API String ID: 3372622024-629680938
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Dealloc$ItemMethod_Tuple_$BuildFunction_NameQualSubtypeType_ValueWith
                                                                                                                                                                                      • String ID: (O)
                                                                                                                                                                                      • API String ID: 593819998-4232840684
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • read() returned too much data: %zd bytes requested, %zd returned, xrefs: 61B07B6F
                                                                                                                                                                                      • EOF read where not expected, xrefs: 61B07BD7
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Err_$Mem_Memory$BufferBuffer_CallDeallocFillFormatFromInfoMallocMethodNumber_Object_OccurredReallocSizeSsize_tView_
                                                                                                                                                                                      • String ID: EOF read where not expected$read() returned too much data: %zd bytes requested, %zd returned
                                                                                                                                                                                      • API String ID: 3190434935-3742967138
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: callocfree
                                                                                                                                                                                      • String ID: A != NULL$B != NULL$C != NULL$P != NULL$kA != NULL$kB != NULL$modulus != NULL$src/pk/ecc/ltc_ecc_map.c$src/pk/ecc/ltc_ecc_mul2add.c
                                                                                                                                                                                      • API String ID: 306872129-190324370
                                                                                                                                                                                      • Opcode ID: 3cbaafa0f788e69011bfad0947c71d40fb751170d77a03a22cdc138e443baac1
                                                                                                                                                                                      • Instruction ID: 3f4c28c6bbbcf4a80a304831cf36531c6052ac2d332daf2503d16a810e6c740a
                                                                                                                                                                                      • Opcode Fuzzy Hash: 3cbaafa0f788e69011bfad0947c71d40fb751170d77a03a22cdc138e443baac1
                                                                                                                                                                                      • Instruction Fuzzy Hash: CEC1AD32608AC486EB54CFA2E8447DE6775F789BD4F469026EE8D97718EF78C444CB40
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914592961.00007FFDFAFC1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDFAFC0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfafc0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: strcmp$strncmp
                                                                                                                                                                                      • String ID: ..\s\crypto\asn1\asn_mime.c$application/pkcs7-mime$application/pkcs7-signature$application/x-pkcs7-mime$application/x-pkcs7-signature$boundary$content-type$multipart/signed$type:
                                                                                                                                                                                      • API String ID: 1244041713-3630080479
                                                                                                                                                                                      • Opcode ID: 7ebc3a45523df780ecbf5d5eee50afa3b023d1eb5b1fbd1f84c6fabd0e5d4c90
                                                                                                                                                                                      • Instruction ID: 9592b08d84e125deb5f06c675fdf021fa690552221937dc3171b06686c353e7e
                                                                                                                                                                                      • Opcode Fuzzy Hash: 7ebc3a45523df780ecbf5d5eee50afa3b023d1eb5b1fbd1f84c6fabd0e5d4c90
                                                                                                                                                                                      • Instruction Fuzzy Hash: E9C19E61B0D24751FB24EB12A460EB9A3A1EF86B94F549131E92D0B7EEDF3CE605D700
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914592961.00007FFDFAFC1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDFAFC0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfafc0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: ..\s\crypto\rand\randfile.c$Filename=$i
                                                                                                                                                                                      • API String ID: 0-1799673945
                                                                                                                                                                                      • Opcode ID: 7d1977694894f8042029fe63fd36c3481b6e532379de41e032ad477ae45bac35
                                                                                                                                                                                      • Instruction ID: 930e5c4d9f7858ae6913e50e0f93b617dddf2c0e39606ea23a27a6e62a102ec6
                                                                                                                                                                                      • Opcode Fuzzy Hash: 7d1977694894f8042029fe63fd36c3481b6e532379de41e032ad477ae45bac35
                                                                                                                                                                                      • Instruction Fuzzy Hash: 0251A522F0DA4386F714EB15D860A7A63A1FF89B88F444135E96D4B6EDEF3CE5058701
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914051498.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                      • API String ID: 0-666925554
                                                                                                                                                                                      • Opcode ID: b665b256f8f74031ebff00b00e7ffbf71a07c123787cadc40d721d792f853b1b
                                                                                                                                                                                      • Instruction ID: 431e0b96d680a771f388b5a51257a13207570ef71a798b34e7d1a9979dfd1b16
                                                                                                                                                                                      • Opcode Fuzzy Hash: b665b256f8f74031ebff00b00e7ffbf71a07c123787cadc40d721d792f853b1b
                                                                                                                                                                                      • Instruction Fuzzy Hash: AA518865A0974281FA30BF35E5046B9A3B2AF45BD4FC54132DE2D4779AEE3CE6858320
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: File_errno$CloseCreateErrorHandleLastMappingView
                                                                                                                                                                                      • String ID: $@$@
                                                                                                                                                                                      • API String ID: 896588047-3743272326
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Err_$Restore$DeallocExceptionException_FetchNormalize$Back_ContextEval_FrameHereOccurredTraceTraceback
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 4214459649-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914267094.00007FFDFAEA1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAEA0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfaea0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Module_$Object$Capsule_ConstantCreate2Object_String
                                                                                                                                                                                      • String ID: 13.0.0$UCD$ucd_3_2_0$ucnhash_CAPI$unicodedata.ucnhash_CAPI$unidata_version
                                                                                                                                                                                      • API String ID: 3760240918-3451515483
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Heap$Process$AdaptersAddressesAllocFree$inet_ntoa
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 4108032510-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 61B0E870: PyList_New.PYTHON39 ref: 61B0E8AA
                                                                                                                                                                                        • Part of subcall function 61B0E870: PyMem_Free.PYTHON39 ref: 61B0E8E3
                                                                                                                                                                                      • _PyDict_GetItemIdWithError.PYTHON39 ref: 61B0F2D2
                                                                                                                                                                                      • PyThreadState_Get.PYTHON39 ref: 61B0F335
                                                                                                                                                                                      • _Py_CheckFunctionResult.PYTHON39 ref: 61B0F37F
                                                                                                                                                                                      • _Py_Dealloc.PYTHON39 ref: 61B0F3B3
                                                                                                                                                                                      • _PyObject_MakeTpCall.PYTHON39 ref: 61B0F40A
                                                                                                                                                                                      • _Py_Dealloc.PYTHON39 ref: 61B0F420
                                                                                                                                                                                      • _PyLong_AsInt.PYTHON39 ref: 61B0F463
                                                                                                                                                                                      • PyImport_ImportModuleLevelObject.PYTHON39 ref: 61B0F48B
                                                                                                                                                                                      • _Py_Dealloc.PYTHON39 ref: 61B0F4BD
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Dealloc$CallCheckDict_ErrorFreeFunctionImportImport_ItemLevelList_Long_MakeMem_ModuleObjectObject_ResultState_ThreadWith
                                                                                                                                                                                      • String ID: __import__ not found
                                                                                                                                                                                      • API String ID: 1035092831-2199325508
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Heap$Process$Free$Alloc$AdaptersAddressesmemcpy
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1739390247-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • VirtualProtect.KERNEL32(?,?,?,?,?,?,61B01278), ref: 61B7D90D
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • Unknown pseudo relocation bit size %d., xrefs: 61B7DA7A
                                                                                                                                                                                      • Unknown pseudo relocation protocol version %d., xrefs: 61B7DA8E
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      • Associated: 00000001.00000002.2911344158.0000000061B00000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2911460298.0000000061B7F000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2911478424.0000000061B83000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2911507002.0000000061B84000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2911548166.0000000061B99000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2911569567.0000000061B9E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2911595706.0000000061BA0000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2911625399.0000000061BA4000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ProtectVirtual
                                                                                                                                                                                      • String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.
                                                                                                                                                                                      • API String ID: 544645111-395989641
                                                                                                                                                                                      • Opcode ID: e7dcead3da33c0d97bd82a4463277e03bd00bfc50d6c47c3edb4fd3113abe840
                                                                                                                                                                                      • Instruction ID: 502e67a30c415de938d6f45c645901a6d13cd530305282750e6e89115e7c7d7e
                                                                                                                                                                                      • Opcode Fuzzy Hash: e7dcead3da33c0d97bd82a4463277e03bd00bfc50d6c47c3edb4fd3113abe840
                                                                                                                                                                                      • Instruction Fuzzy Hash: 5C911471B102C186FB3C9BA6E98079D6762FB857E8F54C915CA3D97794EB3EC4828301
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      • Associated: 00000001.00000002.2911344158.0000000061B00000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2911460298.0000000061B7F000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2911478424.0000000061B83000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2911507002.0000000061B84000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2911548166.0000000061B99000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2911569567.0000000061B9E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2911595706.0000000061BA0000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2911625399.0000000061BA4000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: freemallocmemcpystrchrstrlen
                                                                                                                                                                                      • String ID: and,$http://$local$or,
                                                                                                                                                                                      • API String ID: 3771145599-2506292620
                                                                                                                                                                                      • Opcode ID: 98aea5e60080652496146f5ca2e7bc1ace9f850ca94594126baf6f624212a160
                                                                                                                                                                                      • Instruction ID: 8f254e6f1fd28203d4179a1ed8483321e480ab26beec3d8740840233e448d8d7
                                                                                                                                                                                      • Opcode Fuzzy Hash: 98aea5e60080652496146f5ca2e7bc1ace9f850ca94594126baf6f624212a160
                                                                                                                                                                                      • Instruction Fuzzy Hash: B031F82275D2C481FE59CA5255013AD6B45E741BF8F8DC7258D39177E9FB3AC046C300
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • bad marshal data (list size out of range), xrefs: 61B0A3F8
                                                                                                                                                                                      • NULL object in marshal data for list, xrefs: 61B0AAE5
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      • Associated: 00000001.00000002.2911344158.0000000061B00000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2911460298.0000000061B7F000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2911478424.0000000061B83000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2911507002.0000000061B84000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2911548166.0000000061B99000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2911569567.0000000061B9E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2911595706.0000000061BA0000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2911625399.0000000061BA4000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Err_List_Occurred
                                                                                                                                                                                      • String ID: NULL object in marshal data for list$bad marshal data (list size out of range)
                                                                                                                                                                                      • API String ID: 1902535023-3453879413
                                                                                                                                                                                      • Opcode ID: 5deaa9ae589fbd167d0c6d4827ad7f0891c85d593059ce57b5833c872caed8f3
                                                                                                                                                                                      • Instruction ID: 72ef1453551cd2915ee9601d540d127adae4d508a2b054f58b71238257ab7bf8
                                                                                                                                                                                      • Opcode Fuzzy Hash: 5deaa9ae589fbd167d0c6d4827ad7f0891c85d593059ce57b5833c872caed8f3
                                                                                                                                                                                      • Instruction Fuzzy Hash: 62314B712466D1C2EA18CB66E48435D2BB5FB8AB92F08D825CE4E07324EF39C446CB40
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • bad marshal data (tuple size out of range), xrefs: 61B0A6D4
                                                                                                                                                                                      • NULL object in marshal data for tuple, xrefs: 61B0A913
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      • Associated: 00000001.00000002.2911344158.0000000061B00000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2911460298.0000000061B7F000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2911478424.0000000061B83000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2911507002.0000000061B84000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2911548166.0000000061B99000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2911569567.0000000061B9E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2911595706.0000000061BA0000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2911625399.0000000061BA4000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Err_OccurredTuple_
                                                                                                                                                                                      • String ID: NULL object in marshal data for tuple$bad marshal data (tuple size out of range)
                                                                                                                                                                                      • API String ID: 3674511531-3094253248
                                                                                                                                                                                      • Opcode ID: 66e4071a65e2e3d8afc3ba7a2e60ce4719a528bf4bb790b3b2f123e2c83be233
                                                                                                                                                                                      • Instruction ID: 6bc3a64c7aec1e082c96986ab5144d91af66bcd782cc1a484e51d603226bf779
                                                                                                                                                                                      • Opcode Fuzzy Hash: 66e4071a65e2e3d8afc3ba7a2e60ce4719a528bf4bb790b3b2f123e2c83be233
                                                                                                                                                                                      • Instruction Fuzzy Hash: CD214B712067C181FA188B66D49476D3BA6FB86B92F09EC14CE0E07324EF39D845C750
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      • Associated: 00000001.00000002.2911344158.0000000061B00000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2911460298.0000000061B7F000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2911478424.0000000061B83000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2911507002.0000000061B84000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2911548166.0000000061B99000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2911569567.0000000061B9E000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2911595706.0000000061BA0000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2911625399.0000000061BA4000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: fwrite
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3559309478-0
                                                                                                                                                                                      • Opcode ID: 590e91543fc90559786f37e0cf4ea6d173d7f06c6baca5210b17f63ad982adca
                                                                                                                                                                                      • Instruction ID: f050a4670b52e395e798ff82b4e410f23e6159c21e29f92d3365b1949e6b1733
                                                                                                                                                                                      • Opcode Fuzzy Hash: 590e91543fc90559786f37e0cf4ea6d173d7f06c6baca5210b17f63ad982adca
                                                                                                                                                                                      • Instruction Fuzzy Hash: 00C1ADB2701B8485DB19CFAAD4447893BB5F309FE9F648216DE6C1B798DB39C691C380
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914267094.00007FFDFAEA1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAEA0000, based on PE: true
                                                                                                                                                                                      • Associated: 00000001.00000002.2914243897.00007FFDFAEA0000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2914286336.00007FFDFAEA6000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2914286336.00007FFDFAF02000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2914286336.00007FFDFAF4E000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2914286336.00007FFDFAF52000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2914286336.00007FFDFAFAB000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2914528563.00007FFDFAFAF000.00000004.00000001.01000000.00000012.sdmp
                                                                                                                                                                                      • Associated: 00000001.00000002.2914549078.00007FFDFAFB1000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfaea0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 349153199-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914592961.00007FFDFAFC1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDFAFC0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfafc0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: atoi$strcmp
                                                                                                                                                                                      • String ID: ..\s\crypto\ts\ts_conf.c$accuracy$microsecs$millisecs$p$secs
                                                                                                                                                                                      • API String ID: 4175852868-1596076588
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Dealloc$Dict_$AppendErr_ItemList_Occurred
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 30499974-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Heap$Process$Free$Alloc$NetworkParams
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3483679945-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Err_$FormatOccurred
                                                                                                                                                                                      • String ID: %s (%d:%d)
                                                                                                                                                                                      • API String ID: 4038069558-1595188566
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: signal
                                                                                                                                                                                      • String ID: CCG
                                                                                                                                                                                      • API String ID: 1946981877-1584390748
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • PyErr_Occurred.PYTHON39 ref: 61B092E0
                                                                                                                                                                                      • PyUnicode_DecodeUTF8.PYTHON39 ref: 61B09BAF
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • surrogatepass, xrefs: 61B09BA5
                                                                                                                                                                                      • bad marshal data (string size out of range), xrefs: 61B0A375
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: DecodeErr_OccurredUnicode_
                                                                                                                                                                                      • String ID: bad marshal data (string size out of range)$surrogatepass
                                                                                                                                                                                      • API String ID: 1138423624-4021928140
                                                                                                                                                                                      • Opcode ID: 35757d6065978158dbef02c5d6e94a5f31814075426dee35622a1944adce035a
                                                                                                                                                                                      • Instruction ID: 7eccf157815502c72e4032eb7b92d0fcf92db7c6a2433d5e7de302b1b18528bb
                                                                                                                                                                                      • Opcode Fuzzy Hash: 35757d6065978158dbef02c5d6e94a5f31814075426dee35622a1944adce035a
                                                                                                                                                                                      • Instruction Fuzzy Hash: A83185723456C086EA19CF25E49479E7BA5FB89B52F0AE924CE4A07354DF38D485CB40
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914267094.00007FFDFAEA1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAEA0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfaea0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Unicode_$Equal$CompareDeallocErr_ReadyString
                                                                                                                                                                                      • String ID: invalid normalization form
                                                                                                                                                                                      • API String ID: 3010910608-2281882113
                                                                                                                                                                                      • Opcode ID: ba4c5c826613feff4fda7b3b67ec7b853ca24e194141179678075e2ef9f1e7e6
                                                                                                                                                                                      • Instruction ID: 5bcbd034f2f65302054d519778e85787d3929ef246a7419d80a1b3d64bf9ef9a
                                                                                                                                                                                      • Opcode Fuzzy Hash: ba4c5c826613feff4fda7b3b67ec7b853ca24e194141179678075e2ef9f1e7e6
                                                                                                                                                                                      • Instruction Fuzzy Hash: 034172A1B0860285EB18AB15A860A756364FF86F94F4401B5DD7F4F7ECDF7EE0049320
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914592961.00007FFDFAFC1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDFAFC0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfafc0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: InformationObjectUser$AddressErrorHandleLastModuleProcProcessStationWindowwcsstr
                                                                                                                                                                                      • String ID: Service-0x$_OPENSSL_isservice
                                                                                                                                                                                      • API String ID: 459917433-1672312481
                                                                                                                                                                                      • Opcode ID: b0e2507b54a2fee0f286af568643ff84d15fb4472f624db1291a1182b8891a4e
                                                                                                                                                                                      • Instruction ID: ca0ef295e88d473552541deb0329cd4a5517a88037e4d427c35936a0a5c4a142
                                                                                                                                                                                      • Opcode Fuzzy Hash: b0e2507b54a2fee0f286af568643ff84d15fb4472f624db1291a1182b8891a4e
                                                                                                                                                                                      • Instruction Fuzzy Hash: 65417F61B06B8386EB549F25D860AB823A0EF497B4B484735E97D467F8EF3CE5548300
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Err_$FetchFormatFromObject_RestoreWindowsstrerror
                                                                                                                                                                                      • String ID: %s (%d:%d)
                                                                                                                                                                                      • API String ID: 2858978339-1595188566
                                                                                                                                                                                      • Opcode ID: e76e97b5667d219b5e8a1efab1be7d93002fe32716a7f533a54dc1823c019955
                                                                                                                                                                                      • Instruction ID: 303276164d2b28656eba6fd409e0f585d2b665e41c123d5ec827297777a7d94f
                                                                                                                                                                                      • Opcode Fuzzy Hash: e76e97b5667d219b5e8a1efab1be7d93002fe32716a7f533a54dc1823c019955
                                                                                                                                                                                      • Instruction Fuzzy Hash: 6121B332605BC481EB089B1AE4503DD7B72FB8AB91F499826CF8E17364DF2AC546C340
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914267094.00007FFDFAEA1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAEA0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfaea0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Arg_$ArgumentReadyUnicode_$CheckPositional
                                                                                                                                                                                      • String ID: argument 1$argument 2$is_normalized$str
                                                                                                                                                                                      • API String ID: 396090033-184702317
                                                                                                                                                                                      • Opcode ID: f80971bf26c3f3c62d97a1cd1428008a854b5e9fc8dea6ffb44fcbe9bdb378be
                                                                                                                                                                                      • Instruction ID: 404cf0b9a65712821d47f302f5bcdec28c9a688baed77f94a9a15b071a0bf122
                                                                                                                                                                                      • Opcode Fuzzy Hash: f80971bf26c3f3c62d97a1cd1428008a854b5e9fc8dea6ffb44fcbe9bdb378be
                                                                                                                                                                                      • Instruction Fuzzy Hash: 2521B661B0CA8684E7189B25E864AB82364FF56F94F4442B1D97F0F2ECCF2DD506C310
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • read() returned too much data: %zd bytes requested, %zd returned, xrefs: 61B0E5B8
                                                                                                                                                                                      • EOF read where not expected, xrefs: 61B0E5D7
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Err_$Mem_$FormatFreeMallocMemoryOccurredfread
                                                                                                                                                                                      • String ID: EOF read where not expected$read() returned too much data: %zd bytes requested, %zd returned
                                                                                                                                                                                      • API String ID: 28673812-3742967138
                                                                                                                                                                                      • Opcode ID: 5c196552dab230829ee26b30c8cd0ab159bfc67585371228b6031577619417f4
                                                                                                                                                                                      • Instruction ID: dd9a14458220e394acffc043ebbebb36bf8dfbb8b44ee53497f36c4f210d1c3b
                                                                                                                                                                                      • Opcode Fuzzy Hash: 5c196552dab230829ee26b30c8cd0ab159bfc67585371228b6031577619417f4
                                                                                                                                                                                      • Instruction Fuzzy Hash: F411C23070569081FA188B6BE88439C1A62B74AF92F0C9E21CEAD473E0FF2EC5568300
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetLastError.KERNEL32(00000000,00007FF7996726A0), ref: 00007FF7996774D7
                                                                                                                                                                                      • FormatMessageW.KERNEL32(00000000,00007FF7996726A0), ref: 00007FF799677506
                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32 ref: 00007FF79967755C
                                                                                                                                                                                        • Part of subcall function 00007FF799672620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF799677744,?,?,?,?,?,?,?,?,?,?,?,00007FF79967101D), ref: 00007FF799672654
                                                                                                                                                                                        • Part of subcall function 00007FF799672620: MessageBoxW.USER32 ref: 00007FF79967272C
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914051498.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorLastMessage$ByteCharFormatMultiWide
                                                                                                                                                                                      • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
                                                                                                                                                                                      • API String ID: 2920928814-2573406579
                                                                                                                                                                                      • Opcode ID: 8b0166d5a5045c769a8e77ad43af0852bc728ff9b5502801be361ecb61f6b2fa
                                                                                                                                                                                      • Instruction ID: fb7703c45835701ef563cd127fffc2657897b76f74b9e454fbf81cb824c42b0b
                                                                                                                                                                                      • Opcode Fuzzy Hash: 8b0166d5a5045c769a8e77ad43af0852bc728ff9b5502801be361ecb61f6b2fa
                                                                                                                                                                                      • Instruction Fuzzy Hash: FB211071A18B4282F770AF35E854266A3B7FB88384FC40135D56D82795EF7CE545C760
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • read() returned too much data: %zd bytes requested, %zd returned, xrefs: 61B0E67B
                                                                                                                                                                                      • EOF read where not expected, xrefs: 61B0E697
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Err_$Mem_$FormatFreeMallocMemoryOccurredfread
                                                                                                                                                                                      • String ID: EOF read where not expected$read() returned too much data: %zd bytes requested, %zd returned
                                                                                                                                                                                      • API String ID: 28673812-3742967138
                                                                                                                                                                                      • Opcode ID: 6cd963c7d8042f78008add91214353f4f50e3c349a8d10f296dd955fc68ac947
                                                                                                                                                                                      • Instruction ID: 0cf751e1b2cd42544234907615a75a55186e287cfd1db188ed2d49f761de8941
                                                                                                                                                                                      • Opcode Fuzzy Hash: 6cd963c7d8042f78008add91214353f4f50e3c349a8d10f296dd955fc68ac947
                                                                                                                                                                                      • Instruction Fuzzy Hash: 3C115B7170559081FA089B6BFC5439C1622BB46FA5F0C9A25EE5E177E0DF3A88968340
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: callocfree
                                                                                                                                                                                      • String ID: in != NULL$key != NULL$key != NULL$ltc_mp.name != NULL$ltc_mp.name != NULL$size > 0$src/pk/rsa/rsa_import.c$src/pk/rsa/rsa_make_key.c
                                                                                                                                                                                      • API String ID: 306872129-2031961738
                                                                                                                                                                                      • Opcode ID: 122f9fe6c474a09e7fb308f08be724e57a1a5cd14cf12406ef073a396dfed3e3
                                                                                                                                                                                      • Instruction ID: c58b955f1d6f9c4311833bf8ef6524a99477435119d902af924920aa39d4d61d
                                                                                                                                                                                      • Opcode Fuzzy Hash: 122f9fe6c474a09e7fb308f08be724e57a1a5cd14cf12406ef073a396dfed3e3
                                                                                                                                                                                      • Instruction Fuzzy Hash: DB123972208BC186E7648F62F48578EB7A4F785B98F518116EF8A87B5CDF79C085CB40
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914592961.00007FFDFAFC1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDFAFC0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfafc0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: strncmp
                                                                                                                                                                                      • String ID: , value=$..\s\crypto\x509v3\v3_conf.c$/$ASN1:$DER:$critical,$name=
                                                                                                                                                                                      • API String ID: 1114863663-1429737502
                                                                                                                                                                                      • Opcode ID: fa9dcb5958271daa3e2a324d8ca326ef0272130a5644930e9fe95100a0dccc46
                                                                                                                                                                                      • Instruction ID: 45da4dbc829013f5f2fd1b12d7c309bbf9952e74ecb5829ceb5ee2604a855d01
                                                                                                                                                                                      • Opcode Fuzzy Hash: fa9dcb5958271daa3e2a324d8ca326ef0272130a5644930e9fe95100a0dccc46
                                                                                                                                                                                      • Instruction Fuzzy Hash: 2141C162F0AA8741EB149B22B820B7A6A90FF45BD8F045235DD6D4B7EDDE3CE505C700
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914051498.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                      • String ID: f$f$p$p$f
                                                                                                                                                                                      • API String ID: 3215553584-1325933183
                                                                                                                                                                                      • Opcode ID: 864902cbb2e935f55fbb0b0f358a3d1305b233c90ffe52d12db1516ed6b7c985
                                                                                                                                                                                      • Instruction ID: 81cff7df6d6c556f5b8e30e0c4cfa7491e3a93097ea40b906064c210628f2328
                                                                                                                                                                                      • Opcode Fuzzy Hash: 864902cbb2e935f55fbb0b0f358a3d1305b233c90ffe52d12db1516ed6b7c985
                                                                                                                                                                                      • Instruction Fuzzy Hash: 921281A2E0D143C6FB707E26E1542FAE2B3FB80750FD44835D6A9466C4DB7CE4818B61
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ObjectSizeSys_Unicode_getenv
                                                                                                                                                                                      • String ID: LANG$PYARMOR_LANG$_PARLANG
                                                                                                                                                                                      • API String ID: 223123148-1822377752
                                                                                                                                                                                      • Opcode ID: e3ea14bb12fd1e93d48e2f2833b79d1dc149f78145d73b0252fa14395f8fae87
                                                                                                                                                                                      • Instruction ID: 0b2dfe9e6bd145d7a43b91fd87f49a53445e9401d3cb0163b88a1a6a79ae2dc7
                                                                                                                                                                                      • Opcode Fuzzy Hash: e3ea14bb12fd1e93d48e2f2833b79d1dc149f78145d73b0252fa14395f8fae87
                                                                                                                                                                                      • Instruction Fuzzy Hash: 0451E3A22092E085FB4ECBA5D4803AD3FB3E746B8EF4EC016DA5D07365D72AC099C710
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914592961.00007FFDFAFC1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDFAFC0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfafc0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorLastsetsockopt
                                                                                                                                                                                      • String ID: ..\s\crypto\bio\b_sock2.c$o
                                                                                                                                                                                      • API String ID: 1729277954-1872632005
                                                                                                                                                                                      • Opcode ID: 34993e59505dbed600dca64135d27a9ba0d4750b564e5c6ba914b5e12530ade6
                                                                                                                                                                                      • Instruction ID: 5f171ad5f27b0b1a9da4b9df4d3dc2e1357ebc95c5a03c2dd06a7b903451eca6
                                                                                                                                                                                      • Opcode Fuzzy Hash: 34993e59505dbed600dca64135d27a9ba0d4750b564e5c6ba914b5e12530ade6
                                                                                                                                                                                      • Instruction Fuzzy Hash: DC51B331B4994386F320DB12E824AA97360FF86B58F444235E66847AEDCF3DE645DB00
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914592961.00007FFDFAFC1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDFAFC0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfafc0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: strcmpstrncmpstrtoul
                                                                                                                                                                                      • String ID: MASK:$default$nombstr$pkix$utf8only
                                                                                                                                                                                      • API String ID: 1175158921-3483942737
                                                                                                                                                                                      • Opcode ID: a21ae9ee1a6a80a1cd62bd08bae20b9b71c674710c0f9c2fb243c96c79f53681
                                                                                                                                                                                      • Instruction ID: 439a3358cc4b6afae70233cd0f9bb4d440672c279676ba642b9034eb201fc354
                                                                                                                                                                                      • Opcode Fuzzy Hash: a21ae9ee1a6a80a1cd62bd08bae20b9b71c674710c0f9c2fb243c96c79f53681
                                                                                                                                                                                      • Instruction Fuzzy Hash: 69311A22B1958356EB414B18E460BB93791EB49750F445232E77E83AFDDE1CE594C700
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: strlen
                                                                                                                                                                                      • String ID: 8$@$MD5$in != NULL$md != NULL$src/hashes/md5.c
                                                                                                                                                                                      • API String ID: 39653677-1219784974
                                                                                                                                                                                      • Opcode ID: 665fbba218407366f6e3c6b2172838b3794c219258130fd96b82cf4276d93d69
                                                                                                                                                                                      • Instruction ID: cfc6f4735c9c242967f55884dc80c951e289ba4bfa0ef52b4be1aac614545c93
                                                                                                                                                                                      • Opcode Fuzzy Hash: 665fbba218407366f6e3c6b2172838b3794c219258130fd96b82cf4276d93d69
                                                                                                                                                                                      • Instruction Fuzzy Hash: 2ED113B360C3C18AF709DB5AE459B6EBF64E386388F568109DE820BB58D7BDC445CB41
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: malloc
                                                                                                                                                                                      • String ID: mask != NULL$seed != NULL$src/pk/pkcs1/pkcs_1_mgf1.c
                                                                                                                                                                                      • API String ID: 2803490479-2931318352
                                                                                                                                                                                      • Opcode ID: 6be74c4e40dc0d16bd1b16cdf17590bda24ac64160d98fa2262e4febbb8035bc
                                                                                                                                                                                      • Instruction ID: 981eee45377077d7da0f3125a3915bc545afe5849467b799833808e2c521457b
                                                                                                                                                                                      • Opcode Fuzzy Hash: 6be74c4e40dc0d16bd1b16cdf17590bda24ac64160d98fa2262e4febbb8035bc
                                                                                                                                                                                      • Instruction Fuzzy Hash: 645104727091C446FB1ACB769904BBF6F61EB89B88F44C014CE694BA0DDB3AC409C744
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914051498.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                      • String ID: csm$csm$csm
                                                                                                                                                                                      • API String ID: 849930591-393685449
                                                                                                                                                                                      • Opcode ID: 64a04dea20eab758f09741b49381e36ae6aa3d4dbdf263ead872da10faeebcc4
                                                                                                                                                                                      • Instruction ID: a90bb8456953b4de09257b5f234b98d66b6a506c40b77641ebbfe4cacb03056d
                                                                                                                                                                                      • Opcode Fuzzy Hash: 64a04dea20eab758f09741b49381e36ae6aa3d4dbdf263ead872da10faeebcc4
                                                                                                                                                                                      • Instruction Fuzzy Hash: DCE16A72A08B418AFB30AF3594502ADB7B2FB55798F900535EEAD57B95CF38E094C710
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914592961.00007FFDFAFC1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDFAFC0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfafc0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Fiber$Switch$CreateDeletememmove
                                                                                                                                                                                      • String ID: *$..\s\crypto\async\async.c
                                                                                                                                                                                      • API String ID: 81049052-1471988776
                                                                                                                                                                                      • Opcode ID: 1831d7c809a8188426ac0f01b2ae61a537539a6563a9100cc60af150d2942dba
                                                                                                                                                                                      • Instruction ID: c2defc46d47df780fd0c1042655e703329d9dbfee787833c26fcd5323f0b47fb
                                                                                                                                                                                      • Opcode Fuzzy Hash: 1831d7c809a8188426ac0f01b2ae61a537539a6563a9100cc60af150d2942dba
                                                                                                                                                                                      • Instruction Fuzzy Hash: E6A16132B0AA4391EB24DF16E460A7973A0EF84B94F448031EAAD477E9DF3CE655D340
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,00000000,?,00007FF79968E152,?,?,000001CA0EA26A98,00007FF79968A223,?,?,?,00007FF79968A11A,?,?,?,00007FF799685472), ref: 00007FF79968DF34
                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,00000000,?,00007FF79968E152,?,?,000001CA0EA26A98,00007FF79968A223,?,?,?,00007FF79968A11A,?,?,?,00007FF799685472), ref: 00007FF79968DF40
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914051498.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AddressFreeLibraryProc
                                                                                                                                                                                      • String ID: api-ms-$ext-ms-
                                                                                                                                                                                      • API String ID: 3013587201-537541572
                                                                                                                                                                                      • Opcode ID: 01869d8b0b1ae08ce046380e8c955ca032c286979885a37836ee5a28d8bde6d1
                                                                                                                                                                                      • Instruction ID: f260d4db76f6b8784395444d1fd7ea88a066038ecdba909e45030ec7c15cfee3
                                                                                                                                                                                      • Opcode Fuzzy Hash: 01869d8b0b1ae08ce046380e8c955ca032c286979885a37836ee5a28d8bde6d1
                                                                                                                                                                                      • Instruction Fuzzy Hash: D441CF21B1AA1283FA36AF279824575E2A3BF15BA0FC94135DD2D47B84DE3CF445C234
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF79967101D), ref: 00007FF79967769F
                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF79967101D), ref: 00007FF7996776EF
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914051498.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ByteCharMultiWide
                                                                                                                                                                                      • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                      • API String ID: 626452242-27947307
                                                                                                                                                                                      • Opcode ID: ff563fd808d69f35f83569dbbc19b7f1e21c5d08308d418d8919d0e7ff1619ab
                                                                                                                                                                                      • Instruction ID: 0d5e00988aadbea750dcf7a87416e449d809141b83344e7ad1b7caf5271dac2d
                                                                                                                                                                                      • Opcode Fuzzy Hash: ff563fd808d69f35f83569dbbc19b7f1e21c5d08308d418d8919d0e7ff1619ab
                                                                                                                                                                                      • Instruction Fuzzy Hash: 69416D32A18B8282E630EF25B44016AF7FAFB84B94F984135DAAD47B94EF3CD451C710
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • PyUnicode_FromKindAndData.PYTHON39 ref: 61B09386
                                                                                                                                                                                      • PyErr_SetString.PYTHON39 ref: 61B09DD7
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • EOF read where object expected, xrefs: 61B09DCA
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: DataErr_FromKindStringUnicode_
                                                                                                                                                                                      • String ID: EOF read where object expected
                                                                                                                                                                                      • API String ID: 3898585613-3634523442
                                                                                                                                                                                      • Opcode ID: 70b6289a318af1f79354a926ed3fd527191c965d28a9e24e40a6bd2e9a010fc2
                                                                                                                                                                                      • Instruction ID: 7ea5615932cfd93293a685b0e2784dfba877e7aa627470a910a87b624da84c9a
                                                                                                                                                                                      • Opcode Fuzzy Hash: 70b6289a318af1f79354a926ed3fd527191c965d28a9e24e40a6bd2e9a010fc2
                                                                                                                                                                                      • Instruction Fuzzy Hash: EC31D5722456D082EA1DCB25D49479E7BB5FB89B92F0ADA14CE0E077A4DF38D485CB40
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914267094.00007FFDFAEA1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAEA0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfaea0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Arg_ArgumentErr_FromLongLong_OccurredReadyUnicode_
                                                                                                                                                                                      • String ID: a unicode character$argument$combining
                                                                                                                                                                                      • API String ID: 3097524968-4202047184
                                                                                                                                                                                      • Opcode ID: 9093699c94904b4bf7073e79ae722272963a5adc5b0dcf231abcba32b636913e
                                                                                                                                                                                      • Instruction ID: b1f786d21855014778da3eb094e4ae83883efd691b20b80a40ccc25f58ad815a
                                                                                                                                                                                      • Opcode Fuzzy Hash: 9093699c94904b4bf7073e79ae722272963a5adc5b0dcf231abcba32b636913e
                                                                                                                                                                                      • Instruction Fuzzy Hash: 0731C0A1B0860782FB6C6B15D471B791291AF88B94F44C5B5CA6F4B3DDDE2EEC698300
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914267094.00007FFDFAEA1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAEA0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfaea0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Arg_ArgumentErr_FromLongLong_OccurredReadyUnicode_
                                                                                                                                                                                      • String ID: a unicode character$argument$mirrored
                                                                                                                                                                                      • API String ID: 3097524968-4001128513
                                                                                                                                                                                      • Opcode ID: 54c05627f097f516bd39b4aff664f275978b312bea092729d04bd944666e477c
                                                                                                                                                                                      • Instruction ID: 5c190fc9f737b32f389c288fb0f3aee479a31e3fec39056f5f830df39e313802
                                                                                                                                                                                      • Opcode Fuzzy Hash: 54c05627f097f516bd39b4aff664f275978b312bea092729d04bd944666e477c
                                                                                                                                                                                      • Instruction Fuzzy Hash: 1A31D1A1B4870682FB5C6B15C471B7D12A9AF86B95F4445B5CE2F4F3CCDE2EE8498320
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • marshal data too short, xrefs: 61B081FC
                                                                                                                                                                                      • EOF read where object expected, xrefs: 61B081A9
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Err_S_string_to_doubleStringmemcpy
                                                                                                                                                                                      • String ID: EOF read where object expected$marshal data too short
                                                                                                                                                                                      • API String ID: 1651926552-3827827332
                                                                                                                                                                                      • Opcode ID: bf9f4db2a3f62d467a2a094e404d984d2fc0e9549e6c5f221707f412ea1bf879
                                                                                                                                                                                      • Instruction ID: 3aed8a6ffb93bc12585ab7b0d785ebf2871035c410f82595333a81e2a8823fc0
                                                                                                                                                                                      • Opcode Fuzzy Hash: bf9f4db2a3f62d467a2a094e404d984d2fc0e9549e6c5f221707f412ea1bf879
                                                                                                                                                                                      • Instruction Fuzzy Hash: F031C332605A8484EF19DB6AE8103A93B66FB49FC9F48D621CE4D07764DF3DC6A6D340
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(?,00007FF799673699), ref: 00007FF799677B81
                                                                                                                                                                                        • Part of subcall function 00007FF799672620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF799677744,?,?,?,?,?,?,?,?,?,?,?,00007FF79967101D), ref: 00007FF799672654
                                                                                                                                                                                        • Part of subcall function 00007FF799672620: MessageBoxW.USER32 ref: 00007FF79967272C
                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(?,00007FF799673699), ref: 00007FF799677BF5
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914051498.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ByteCharMultiWide$ErrorLastMessage
                                                                                                                                                                                      • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                      • API String ID: 3723044601-27947307
                                                                                                                                                                                      • Opcode ID: aced5f46d53ba3e30c592e5434d0d7ab1f54160dd14b943fd141642a19c75b6b
                                                                                                                                                                                      • Instruction ID: c824078db04d8ba7a6d76ae15dbc936f5b6e84e1b63cf3fb44b90d23f7e5b2ea
                                                                                                                                                                                      • Opcode Fuzzy Hash: aced5f46d53ba3e30c592e5434d0d7ab1f54160dd14b943fd141642a19c75b6b
                                                                                                                                                                                      • Instruction Fuzzy Hash: C7217C71A09B4285FA20EF36A840079B6B7EB88B84FD84576CA6E43794EF7DE551C310
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: fwrite
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3559309478-0
                                                                                                                                                                                      • Opcode ID: 300edc65d6d68ee49eaa891f1c63080a05e8db38e9573b5621298529621bec2d
                                                                                                                                                                                      • Instruction ID: 61d6b6d4495842159ac51cd17e2ec84a8717696430867614510dbbc42ac9384d
                                                                                                                                                                                      • Opcode Fuzzy Hash: 300edc65d6d68ee49eaa891f1c63080a05e8db38e9573b5621298529621bec2d
                                                                                                                                                                                      • Instruction Fuzzy Hash: AD918CB6601B8085DB188FA9D54038D3BB5F709FE8F65861ADE6D17788DB39C2A1C380
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914592961.00007FFDFB05D000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDFAFC0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfafc0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: memsetstrncpy
                                                                                                                                                                                      • String ID: , failure codes: $, status text: $..\s\crypto\ts\ts_rsp_verify.c$status code: $unknown code$unspecified
                                                                                                                                                                                      • API String ID: 388311670-2553778726
                                                                                                                                                                                      • Opcode ID: b75989da95301a0dee14cf80b734c7ea5b61b1f4cc6ed81891a073580cb8d314
                                                                                                                                                                                      • Instruction ID: d7ab784f9ed2edeeebd54165b4999656a9c5863b7366b513bed4de0e0fd24f5c
                                                                                                                                                                                      • Opcode Fuzzy Hash: b75989da95301a0dee14cf80b734c7ea5b61b1f4cc6ed81891a073580cb8d314
                                                                                                                                                                                      • Instruction Fuzzy Hash: 1881B262F0E68386EB54EB12A460BFA63A0FF85B84F454135D96D877E9EF3CE5058300
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: fwrite$S_double_to_stringstrlen
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 4243900985-0
                                                                                                                                                                                      • Opcode ID: 5b8df451a071cc43c3f45acaa98481a95b1c4222fc9fbf65292e85a38dbfafda
                                                                                                                                                                                      • Instruction ID: 9117961313bfbcc205e9fcb3f68bcc85a9470d17a19ab38b84f8f34e3f580fc8
                                                                                                                                                                                      • Opcode Fuzzy Hash: 5b8df451a071cc43c3f45acaa98481a95b1c4222fc9fbf65292e85a38dbfafda
                                                                                                                                                                                      • Instruction Fuzzy Hash: 78517BA2301B8485DB09DF66E4543997BA1F789FE8F54862ADF5D07788EF38C195C380
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: callocfree
                                                                                                                                                                                      • String ID: in != NULL$inlen != 0$public_key_len != NULL$src/pk/asn1/der/sequence/der_decode_subject_public_key_info.c
                                                                                                                                                                                      • API String ID: 306872129-3913984646
                                                                                                                                                                                      • Opcode ID: 13679105b8326c73b9dc7e70c9fc6e957bb7eccfce27270e8a4bd096e9eec400
                                                                                                                                                                                      • Instruction ID: 869e3e91249f58171da8f8b3e739beb352b07a648235fd3bdabe15561be4e5b7
                                                                                                                                                                                      • Opcode Fuzzy Hash: 13679105b8326c73b9dc7e70c9fc6e957bb7eccfce27270e8a4bd096e9eec400
                                                                                                                                                                                      • Instruction Fuzzy Hash: EE41AC723096C18AEB748F66E8417CAB7A5F7C8788F448119DE9887B5CDB7DC149CB40
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Mem_$Free$FromList_MallocMarshal_ObjectPy_fstat_noraiseReadStringfread
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 308550609-0
                                                                                                                                                                                      • Opcode ID: 48fecd12bf7ae557e9bf8e45728714cbd4d82b5ee6fecf127a57dd09b6a9300f
                                                                                                                                                                                      • Instruction ID: 6ce3c0cdb9ccdd22c00944b7eb84e6dbbc068b70a575d1812578659987ceeccb
                                                                                                                                                                                      • Opcode Fuzzy Hash: 48fecd12bf7ae557e9bf8e45728714cbd4d82b5ee6fecf127a57dd09b6a9300f
                                                                                                                                                                                      • Instruction Fuzzy Hash: 84219136605B8084EA198FA6F8443AEAB64EFC6FE9F084525EE4D47764DF3DC1958700
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914051498.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                      • String ID: f$p$p
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • VirtualQuery failed for %d bytes at address %p, xrefs: 61B7D7B8
                                                                                                                                                                                      • Address %p has no image-section, xrefs: 61B7D7C9
                                                                                                                                                                                      • VirtualProtect failed with code 0x%x, xrefs: 61B7D76A
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: QueryVirtual
                                                                                                                                                                                      • String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914592961.00007FFDFAFC1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDFAFC0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfafc0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: strchr$memmove
                                                                                                                                                                                      • String ID: characters$ to $..\s\crypto\ui\ui_lib.c$You must type in
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914267094.00007FFDFAEA1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAEA0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfaea0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Unicode_$Arg_ArgumentFromReadyString
                                                                                                                                                                                      • String ID: a unicode character$argument$category
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914592961.00007FFDFAFC1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDFAFC0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfafc0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _stricmpstrchrstrncmp
                                                                                                                                                                                      • String ID: ..\s\crypto\store\store_lib.c$T$file
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914267094.00007FFDFAEA1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAEA0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfaea0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Unicode_$Arg_ArgumentFromReadyString
                                                                                                                                                                                      • String ID: a unicode character$argument$bidirectional
                                                                                                                                                                                      • API String ID: 3000140846-2110215792
                                                                                                                                                                                      • Opcode ID: 0f864afd84776e8862b990bff1841d7edc816d4c536149313772fa55c7a14bfa
                                                                                                                                                                                      • Instruction ID: 5362c771098274ad1408fb5ccbcfac29f5ca2f2dfc484dcd4dc2b67040762f57
                                                                                                                                                                                      • Opcode Fuzzy Hash: 0f864afd84776e8862b990bff1841d7edc816d4c536149313772fa55c7a14bfa
                                                                                                                                                                                      • Instruction Fuzzy Hash: B041A4A2B0868382FB5C9B15D4B0B7922A2EF54B84F544575DA6F8F2D8DF2EEC44C300
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914051498.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ByteCharMultiWide
                                                                                                                                                                                      • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                                      • API String ID: 626452242-876015163
                                                                                                                                                                                      • Opcode ID: 290b57ca8453ae885af3ff2fc0035437ec55c1325ab119fe22c2f927501d8716
                                                                                                                                                                                      • Instruction ID: 8f214edc4514a6805941a47f19ed538f2d8c633251cbe1df22c28f565c6bc270
                                                                                                                                                                                      • Opcode Fuzzy Hash: 290b57ca8453ae885af3ff2fc0035437ec55c1325ab119fe22c2f927501d8716
                                                                                                                                                                                      • Instruction Fuzzy Hash: A2416B32A18B4282F630EF35A44017AA7BAFB48B94F945135DAAD47BA4EF3CD452C710
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914267094.00007FFDFAEA1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAEA0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfaea0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: EqualUnicode_
                                                                                                                                                                                      • String ID: invalid normalization form
                                                                                                                                                                                      • API String ID: 3822945493-2281882113
                                                                                                                                                                                      • Opcode ID: 27a683614d972d0201c07423aad88ca84f1c66f1d627d019b31ed67477571f71
                                                                                                                                                                                      • Instruction ID: 6a5322d5ad8ed90fcde9829f41e2f497363d82a4be119455ca78fffdfeea528f
                                                                                                                                                                                      • Opcode Fuzzy Hash: 27a683614d972d0201c07423aad88ca84f1c66f1d627d019b31ed67477571f71
                                                                                                                                                                                      • Instruction Fuzzy Hash: 1E318095B0C24281FB58A7269934F795295AF86FC4F5481B1ED2F8EACDDF2EE0058720
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914592961.00007FFDFAFC1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDFAFC0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfafc0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: EnvironmentVariable
                                                                                                                                                                                      • String ID: OPENSSL_ia32cap$~$~$~$~
                                                                                                                                                                                      • API String ID: 1431749950-1981414212
                                                                                                                                                                                      • Opcode ID: f54770ac84b8c5300f15358e4cffcff24408fff1c96f1f72ed2546603f76ac2f
                                                                                                                                                                                      • Instruction ID: eb280fabfc360328e6087c4f096e433602978690e84c591348b56caad08b9644
                                                                                                                                                                                      • Opcode Fuzzy Hash: f54770ac84b8c5300f15358e4cffcff24408fff1c96f1f72ed2546603f76ac2f
                                                                                                                                                                                      • Instruction Fuzzy Hash: 1C419F65F1E61786E7149B02A8709B862A0EF46790F844276E97D8B6FCEF3CE481D700
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914267094.00007FFDFAEA1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAEA0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfaea0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Arg_$ArgumentCheckPositionalReadyUnicode_
                                                                                                                                                                                      • String ID: a unicode character$argument 1$decimal
                                                                                                                                                                                      • API String ID: 3545102714-2474051849
                                                                                                                                                                                      • Opcode ID: a666c7166e4bacd0b890e9221d416e98014b4c622d339b4779f80b6bec25da52
                                                                                                                                                                                      • Instruction ID: 9bafa4c0b6a1189bc17650317bd788a4907de47cd84f681353defcf37da63a4d
                                                                                                                                                                                      • Opcode Fuzzy Hash: a666c7166e4bacd0b890e9221d416e98014b4c622d339b4779f80b6bec25da52
                                                                                                                                                                                      • Instruction Fuzzy Hash: DD31A6A2B1864681EB586B05D460B7963A1EB84B84F544071DE2E4B7DCDF3FE85AC304
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914267094.00007FFDFAEA1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAEA0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfaea0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Arg_$ArgumentCheckPositionalReadyUnicode_
                                                                                                                                                                                      • String ID: a unicode character$argument 1$numeric
                                                                                                                                                                                      • API String ID: 3545102714-2385192657
                                                                                                                                                                                      • Opcode ID: b6081668707e201990f47e5f17aa36e2215835f861d98285af28329eaceb8570
                                                                                                                                                                                      • Instruction ID: be67e94769197f36cd4a7b837c8562023f1f1d4127c9570a445863e3ad202339
                                                                                                                                                                                      • Opcode Fuzzy Hash: b6081668707e201990f47e5f17aa36e2215835f861d98285af28329eaceb8570
                                                                                                                                                                                      • Instruction Fuzzy Hash: 4031A0A1B0864681EB58AB06D460A792365EB86BA4F548075DE3E4F7DCDF3EE846C310
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914267094.00007FFDFAEA1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAEA0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfaea0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Arg_$ArgumentCheckPositionalReadyUnicode_
                                                                                                                                                                                      • String ID: a unicode character$argument 1$name
                                                                                                                                                                                      • API String ID: 3545102714-4190364640
                                                                                                                                                                                      • Opcode ID: a9aa13617e7f9f24179f50e5bf1d758422cc585441daa19b1ee8822838b25842
                                                                                                                                                                                      • Instruction ID: 56b7e5e205da1a0e18ac6e00a4ac0a5b3936e157315d33f77a592069759b1b89
                                                                                                                                                                                      • Opcode Fuzzy Hash: a9aa13617e7f9f24179f50e5bf1d758422cc585441daa19b1ee8822838b25842
                                                                                                                                                                                      • Instruction Fuzzy Hash: 6A31A5A1B08B4581EB58AB15D4607792366EF86B94F948071CE2E4B7DCDF3FE842C710
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 00007FF799677A30: MultiByteToWideChar.KERNEL32 ref: 00007FF799677A6A
                                                                                                                                                                                      • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF7996767CF,?,00000000,?,TokenIntegrityLevel), ref: 00007FF7996764DF
                                                                                                                                                                                        • Part of subcall function 00007FF799672770: MessageBoxW.USER32 ref: 00007FF799672841
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF79967653A
                                                                                                                                                                                      • LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF7996764B6
                                                                                                                                                                                      • LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF7996764F3
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914051498.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                      • String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
                                                                                                                                                                                      • API String ID: 1662231829-3498232454
                                                                                                                                                                                      • Opcode ID: e82e75a9301f2c01be817318613aadd6cb56ce3046e43f6970fb0f78f3b425c1
                                                                                                                                                                                      • Instruction ID: 266ed820efb383508b0c9beb70bef48630d694d6329b3ef92696a695b2a67dbb
                                                                                                                                                                                      • Opcode Fuzzy Hash: e82e75a9301f2c01be817318613aadd6cb56ce3046e43f6970fb0f78f3b425c1
                                                                                                                                                                                      • Instruction Fuzzy Hash: 19316911B1974291FA30BF31A9553BAD6B3AF987C0FC44031DA6E827DAEE2CE5048720
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FF79967D19A,?,?,?,00007FF79967CE8C,?,?,00000001,00007FF79967CAA9), ref: 00007FF79967CF6D
                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,00007FF79967D19A,?,?,?,00007FF79967CE8C,?,?,00000001,00007FF79967CAA9), ref: 00007FF79967CF7B
                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FF79967D19A,?,?,?,00007FF79967CE8C,?,?,00000001,00007FF79967CAA9), ref: 00007FF79967CFA5
                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,?,?,00007FF79967D19A,?,?,?,00007FF79967CE8C,?,?,00000001,00007FF79967CAA9), ref: 00007FF79967CFEB
                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,?,?,00007FF79967D19A,?,?,?,00007FF79967CE8C,?,?,00000001,00007FF79967CAA9), ref: 00007FF79967CFF7
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914051498.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                      • String ID: api-ms-
                                                                                                                                                                                      • API String ID: 2559590344-2084034818
                                                                                                                                                                                      • Opcode ID: 46f8882ba5516ded8d0f67aa9085a497a0d646e74245b223b6bb25c85e55adca
                                                                                                                                                                                      • Instruction ID: 4c21afe2fbe12589a4483beb81a974cddd8ac0454b33f17811cba323b8c94d9c
                                                                                                                                                                                      • Opcode Fuzzy Hash: 46f8882ba5516ded8d0f67aa9085a497a0d646e74245b223b6bb25c85e55adca
                                                                                                                                                                                      • Instruction Fuzzy Hash: 6E31B021A1AB4296FE71AF22A400575A3F6FF08BA4F994935DD3D4A390DF3CE445C720
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914267094.00007FFDFAEA1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAEA0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfaea0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Arg_$ArgumentCheckPositionalReadyUnicode_
                                                                                                                                                                                      • String ID: a unicode character$argument 1$digit
                                                                                                                                                                                      • API String ID: 3545102714-197099943
                                                                                                                                                                                      • Opcode ID: 99a2ae79ef103e32a17fd28209526f7767674ae648d8c372e55bf47f1399ef43
                                                                                                                                                                                      • Instruction ID: 30812bb1aac1eb627640524605cfc97b081de89911d8c2d8be90768905e296c4
                                                                                                                                                                                      • Opcode Fuzzy Hash: 99a2ae79ef103e32a17fd28209526f7767674ae648d8c372e55bf47f1399ef43
                                                                                                                                                                                      • Instruction Fuzzy Hash: 9E31B3B5B1864681FB58AB15D460A792351EB80B84F55A0B1DA3E4F7DCDF3EE84AC300
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • recursion limit exceeded, xrefs: 61B099EE
                                                                                                                                                                                      • bad marshal data (unknown type code), xrefs: 61B099C7
                                                                                                                                                                                      • EOF read where object expected, xrefs: 61B092B7
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Err_String
                                                                                                                                                                                      • String ID: EOF read where object expected$bad marshal data (unknown type code)$recursion limit exceeded
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914267094.00007FFDFAEA1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAEA0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfaea0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: FromStringUnicode_$S_snprintfSizememcpy
                                                                                                                                                                                      • String ID: $%04X
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914592961.00007FFDFAFC1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDFAFC0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfafc0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _chmod_stat64i32fclosefwrite
                                                                                                                                                                                      • String ID: ..\s\crypto\rand\randfile.c$Filename=
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32 ref: 00007FF799677A6A
                                                                                                                                                                                        • Part of subcall function 00007FF799672620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF799677744,?,?,?,?,?,?,?,?,?,?,?,00007FF79967101D), ref: 00007FF799672654
                                                                                                                                                                                        • Part of subcall function 00007FF799672620: MessageBoxW.USER32 ref: 00007FF79967272C
                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32 ref: 00007FF799677AF0
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914051498.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ByteCharMultiWide$ErrorLastMessage
                                                                                                                                                                                      • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,00007FF799692433,?,?,?,00007FF79968CB8C,?,?,00000000,00007FF799683A5F,?,?,?,00007FF799689313), ref: 00007FF79968A62F
                                                                                                                                                                                      • FlsGetValue.KERNEL32(?,?,?,00007FF799692433,?,?,?,00007FF79968CB8C,?,?,00000000,00007FF799683A5F,?,?,?,00007FF799689313), ref: 00007FF79968A644
                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF799692433,?,?,?,00007FF79968CB8C,?,?,00000000,00007FF799683A5F,?,?,?,00007FF799689313), ref: 00007FF79968A665
                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF799692433,?,?,?,00007FF79968CB8C,?,?,00000000,00007FF799683A5F,?,?,?,00007FF799689313), ref: 00007FF79968A692
                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF799692433,?,?,?,00007FF79968CB8C,?,?,00000000,00007FF799683A5F,?,?,?,00007FF799689313), ref: 00007FF79968A6A3
                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF799692433,?,?,?,00007FF79968CB8C,?,?,00000000,00007FF799683A5F,?,?,?,00007FF799689313), ref: 00007FF79968A6B4
                                                                                                                                                                                      • SetLastError.KERNEL32(?,?,?,00007FF799692433,?,?,?,00007FF79968CB8C,?,?,00000000,00007FF799683A5F,?,?,?,00007FF799689313), ref: 00007FF79968A6CF
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914051498.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Value$ErrorLast
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • bad marshal data (bytes object size out of range), xrefs: 61B0A3C3
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Bytes_Err_FromOccurredSizeStringmemcpy
                                                                                                                                                                                      • String ID: bad marshal data (bytes object size out of range)
                                                                                                                                                                                      • API String ID: 2675459810-66224825
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Number_$DeallocErr_InvertNegativePositiveString
                                                                                                                                                                                      • String ID: Invalid operator
                                                                                                                                                                                      • API String ID: 4031754375-2676212410
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _stat64$freemallocmemcpystrlen
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 4289191721-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914592961.00007FFDFAFC1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDFAFC0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfafc0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: strncmp
                                                                                                                                                                                      • String ID: ASN1:$DER:$critical,
                                                                                                                                                                                      • API String ID: 1114863663-369496153
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914592961.00007FFDFAFC1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDFAFC0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfafc0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: strncmp
                                                                                                                                                                                      • String ID: ASN1:$DER:$critical,
                                                                                                                                                                                      • API String ID: 1114863663-369496153
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Dict_Item$Eval_Globals
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 298195719-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • Failed to alloc memory for spp code, xrefs: 61B0F72B
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AllocVirtualexitmemcpy
                                                                                                                                                                                      • String ID: Failed to alloc memory for spp code
                                                                                                                                                                                      • API String ID: 693558432-822294455
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914592961.00007FFDFB05D000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDFAFC0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfafc0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: getnameinfohtonsmemset
                                                                                                                                                                                      • String ID: $..\s\crypto\bio\b_addr.c
                                                                                                                                                                                      • API String ID: 165288700-1606403076
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914051498.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                      • String ID: Unhandled exception in script
                                                                                                                                                                                      • API String ID: 3081866767-2699770090
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914267094.00007FFDFAEA1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAEA0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfaea0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Arg_ArgumentReadyUnicode_
                                                                                                                                                                                      • String ID: a unicode character$argument$decomposition
                                                                                                                                                                                      • API String ID: 1875788646-2471543666
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914267094.00007FFDFAEA1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAEA0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfaea0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Arg_ArgumentReadyUnicode_
                                                                                                                                                                                      • String ID: a unicode character$argument$east_asian_width
                                                                                                                                                                                      • API String ID: 1875788646-3913127203
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetLastError.KERNEL32(00000000,00000000,00000000,00007FF799677744,?,?,?,?,?,?,?,?,?,?,?,00007FF79967101D), ref: 00007FF799672654
                                                                                                                                                                                        • Part of subcall function 00007FF7996774B0: GetLastError.KERNEL32(00000000,00007FF7996726A0), ref: 00007FF7996774D7
                                                                                                                                                                                        • Part of subcall function 00007FF7996774B0: FormatMessageW.KERNEL32(00000000,00007FF7996726A0), ref: 00007FF799677506
                                                                                                                                                                                        • Part of subcall function 00007FF799677A30: MultiByteToWideChar.KERNEL32 ref: 00007FF799677A6A
                                                                                                                                                                                      • MessageBoxW.USER32 ref: 00007FF79967272C
                                                                                                                                                                                      • MessageBoxA.USER32 ref: 00007FF799672748
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914051498.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Message$ErrorLast$ByteCharFormatMultiWide
                                                                                                                                                                                      • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                      • API String ID: 2806210788-2410924014
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • catching classes that do not inherit from BaseException is not allowed, xrefs: 61B10365
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Err_$DeallocExceptionGivenMatchesSizeStringTuple_
                                                                                                                                                                                      • String ID: catching classes that do not inherit from BaseException is not allowed
                                                                                                                                                                                      • API String ID: 1667255942-1287988286
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914267094.00007FFDFAEA1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAEA0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfaea0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Err_strncmp$DataFormatFromKindStringUnicode_
                                                                                                                                                                                      • String ID: name too long$undefined character name '%s'
                                                                                                                                                                                      • API String ID: 2291325159-4056717002
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • local variable referenced before assignment, xrefs: 61B107FB
                                                                                                                                                                                      • No active exception to reraise, xrefs: 61B107DC
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Err_$Format$Occurred
                                                                                                                                                                                      • String ID: No active exception to reraise$local variable referenced before assignment
                                                                                                                                                                                      • API String ID: 1084603930-1116140797
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914592961.00007FFDFAFC1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDFAFC0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfafc0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: memmovestrncpy
                                                                                                                                                                                      • String ID: ..\s\crypto\x509\x509_obj.c$0123456789ABCDEF$NO X509_NAME
                                                                                                                                                                                      • API String ID: 3054264757-3422593365
                                                                                                                                                                                      • Opcode ID: 9b9efaebcae82d5b25afce34890e7de1e927facac3b25ebeea1ebe1cac246e78
                                                                                                                                                                                      • Instruction ID: 43414239b1c510a8763a1c9e90be5011f7441ca45df1fdff6d2a88bc53b971d9
                                                                                                                                                                                      • Opcode Fuzzy Hash: 9b9efaebcae82d5b25afce34890e7de1e927facac3b25ebeea1ebe1cac246e78
                                                                                                                                                                                      • Instruction Fuzzy Hash: 28B1E323F0A68385FB148B569460B7AB790FF89798F084135EA6E477E9DF7CE4518700
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914592961.00007FFDFAFC1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDFAFC0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfafc0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: $$..\s\crypto\rsa\rsa_sign.c
                                                                                                                                                                                      • API String ID: 0-1864662394
                                                                                                                                                                                      • Opcode ID: 5be8950669065cf38b90a0ebdc6f30fdb2fef65e54fc5a44b632af0f9284c8ab
                                                                                                                                                                                      • Instruction ID: a6b7dc55e773c6c8f7e5e62bee955dddba41d39deac4ace22f96e2befdcfccd9
                                                                                                                                                                                      • Opcode Fuzzy Hash: 5be8950669065cf38b90a0ebdc6f30fdb2fef65e54fc5a44b632af0f9284c8ab
                                                                                                                                                                                      • Instruction Fuzzy Hash: 5B918962F0A6C396E7249E12A060BA96790FB44B8CF408131EAAD47BEDDF7CF545C700
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914592961.00007FFDFAFC1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDFAFC0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfafc0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: memmove
                                                                                                                                                                                      • String ID: ..\s\crypto\pem\pem_lib.c$;$Enter PEM pass phrase:
                                                                                                                                                                                      • API String ID: 2162964266-3733131234
                                                                                                                                                                                      • Opcode ID: bdc686fb8aba523b28e55b03942bb12ed9c37acd52b0f3eb95ac45e93db571c2
                                                                                                                                                                                      • Instruction ID: 13d0a2dad9709f1e1793d47f41e4608bfda93b8edc9190af1f7577114bed29ea
                                                                                                                                                                                      • Opcode Fuzzy Hash: bdc686fb8aba523b28e55b03942bb12ed9c37acd52b0f3eb95ac45e93db571c2
                                                                                                                                                                                      • Instruction Fuzzy Hash: 84719362B0968386E720DB22F460BAA7390FF94798F550235EAAD47ADDDF3CD501CB04
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: sprintfstrlen
                                                                                                                                                                                      • String ID: ../src/platforms/windows/hdinfo.c$/%d:$No any serial number of harddisk got
                                                                                                                                                                                      • API String ID: 1090396089-4267867539
                                                                                                                                                                                      • Opcode ID: a6e5ac065751269d4065104fe785992f9fab6ea796f1317f4210fb337939e264
                                                                                                                                                                                      • Instruction ID: f92cae88e382bc2665ad6c041e7191a53b5088152c47a17280cd8c4ae3a68ae3
                                                                                                                                                                                      • Opcode Fuzzy Hash: a6e5ac065751269d4065104fe785992f9fab6ea796f1317f4210fb337939e264
                                                                                                                                                                                      • Instruction Fuzzy Hash: 67317F53B0D4C049EE198A79AC513DD2613E787BE4FADC6A1DD25876CCDB3989C6C300
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • PyFunction_NewWithQualName.PYTHON39 ref: 61B115DC
                                                                                                                                                                                      • _Py_Dealloc.PYTHON39 ref: 61B11667
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: DeallocFunction_NameQualWith
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2691592392-0
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: N != NULL$src/math/rand_prime.c
                                                                                                                                                                                      • API String ID: 0-3192267683
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetSystemTimeAsFileTime.KERNEL32 ref: 61B7D365
                                                                                                                                                                                      • GetCurrentProcessId.KERNEL32 ref: 61B7D370
                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 61B7D379
                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 61B7D381
                                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32 ref: 61B7D38E
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1445889803-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 61B07CA0: _PyFloat_Unpack8.PYTHON39 ref: 61B07CD1
                                                                                                                                                                                      • PyErr_Occurred.PYTHON39 ref: 61B098B4
                                                                                                                                                                                      • PyErr_Occurred.PYTHON39 ref: 61B09A7D
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Err_Occurred$Float_Unpack8
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3006406168-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 61B080F0: memcpy.MSVCRT ref: 61B08149
                                                                                                                                                                                        • Part of subcall function 61B080F0: PyOS_string_to_double.PYTHON39 ref: 61B0815B
                                                                                                                                                                                      • PyErr_Occurred.PYTHON39 ref: 61B097F7
                                                                                                                                                                                      • PyErr_Occurred.PYTHON39 ref: 61B09ADD
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Err_Occurred$S_string_to_doublememcpy
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 282781714-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,00007FF799692433,?,?,?,00007FF79968CB8C,?,?,00000000,00007FF799683A5F), ref: 00007FF79968A705
                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF799692433,?,?,?,00007FF79968CB8C,?,?,00000000,00007FF799683A5F), ref: 00007FF79968A724
                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF799692433,?,?,?,00007FF79968CB8C,?,?,00000000,00007FF799683A5F), ref: 00007FF79968A74C
                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF799692433,?,?,?,00007FF79968CB8C,?,?,00000000,00007FF799683A5F), ref: 00007FF79968A75D
                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF799692433,?,?,?,00007FF79968CB8C,?,?,00000000,00007FF799683A5F), ref: 00007FF79968A76E
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914051498.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Value
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3702945584-0
                                                                                                                                                                                      • Opcode ID: 8a1bb1fb30c776521f71cd7f268cc6825f5a57dec437cff5255c4fa0cbf0b49a
                                                                                                                                                                                      • Instruction ID: c600ec7857520844fcbcd2d6753b112b199179e28c033915c05c953ea5b01934
                                                                                                                                                                                      • Opcode Fuzzy Hash: 8a1bb1fb30c776521f71cd7f268cc6825f5a57dec437cff5255c4fa0cbf0b49a
                                                                                                                                                                                      • Instruction Fuzzy Hash: 8C11D638A09202C2FA79BE73486617AD2B34F65770F981734D97E0A2D2ED2CB8419231
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: abortfwrite
                                                                                                                                                                                      • String ID: '$illegal index register
                                                                                                                                                                                      • API String ID: 1067672060-451399654
                                                                                                                                                                                      • Opcode ID: cf684d3f0c9f7f0cca09918a640f5996643ad27ccaa16bf0039dacbc564c5efe
                                                                                                                                                                                      • Instruction ID: a5651358368c348204955916088e8502dd3e9c0ef09020ed6bda2da3f09e441a
                                                                                                                                                                                      • Opcode Fuzzy Hash: cf684d3f0c9f7f0cca09918a640f5996643ad27ccaa16bf0039dacbc564c5efe
                                                                                                                                                                                      • Instruction Fuzzy Hash: 9C918EB361AB89C4DB178F3DE890A4C3F65E395F88B9AC112CA4C47760DA7EC566C710
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914051498.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                      • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                      • API String ID: 3215553584-1196891531
                                                                                                                                                                                      • Opcode ID: e657aeb740c2ac826b77e83addb2cc82262a2e6e3b5be7210a8d66ad85871f1f
                                                                                                                                                                                      • Instruction ID: 6a04b2884da6226e2135f1ea046e6eeccb1f56293f9bf8eeeaad9e54e848b90e
                                                                                                                                                                                      • Opcode Fuzzy Hash: e657aeb740c2ac826b77e83addb2cc82262a2e6e3b5be7210a8d66ad85871f1f
                                                                                                                                                                                      • Instruction Fuzzy Hash: 2D818136E0C202C6F7B47E3F8110278F6B2AB15B88FD58035DA6997295DF2DE90197E1
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914051498.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                      • String ID: csm$csm
                                                                                                                                                                                      • API String ID: 3896166516-3733052814
                                                                                                                                                                                      • Opcode ID: 37bca86698e542f9df3f1c5971c843800452ce466371b2576d682bdca002ed1e
                                                                                                                                                                                      • Instruction ID: f4ee3320e5ad9ff6ad4ec54d7b9544e339ecb18db1cc1e515017a1ebf144bc10
                                                                                                                                                                                      • Opcode Fuzzy Hash: 37bca86698e542f9df3f1c5971c843800452ce466371b2576d682bdca002ed1e
                                                                                                                                                                                      • Instruction Fuzzy Hash: 3D51A23290874286FB75AF359144268B7B2EB64B88F944135DAEC47BE9CF3CE454CB20
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914592961.00007FFDFAFC1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDFAFC0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfafc0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: ..\s\crypto\async\async.c$T
                                                                                                                                                                                      • API String ID: 0-2182492907
                                                                                                                                                                                      • Opcode ID: a33d45e2f4587f719cdbf1e34ec74563639429da3cbb627bda4703f90277fc8c
                                                                                                                                                                                      • Instruction ID: 69314d499552acb54e24fa60154af59bbede7c8a01173d0890c162ffad3f6ada
                                                                                                                                                                                      • Opcode Fuzzy Hash: a33d45e2f4587f719cdbf1e34ec74563639429da3cbb627bda4703f90277fc8c
                                                                                                                                                                                      • Instruction Fuzzy Hash: 18519E31B0AA4392F724DB12D4209B96360EF85798F445134EA6D4BBEEDF3DE609D700
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914592961.00007FFDFAFC1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDFAFC0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfafc0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: ..\s\crypto\bio\b_sock.c$J$host=
                                                                                                                                                                                      • API String ID: 0-1729655730
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • Failed to alloc memory for bcc code, xrefs: 61B0F847
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AllocVirtualfwritememcpy
                                                                                                                                                                                      • String ID: Failed to alloc memory for bcc code
                                                                                                                                                                                      • API String ID: 1603020442-783995166
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914051498.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                      • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                      • API String ID: 1878133881-2410924014
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • bad marshal data (string size out of range), xrefs: 61B09B2F
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Err_$OccurredString
                                                                                                                                                                                      • String ID: bad marshal data (string size out of range)
                                                                                                                                                                                      • API String ID: 114435612-3115314950
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914267094.00007FFDFAEA1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAEA0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfaea0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: DoubleErr_Float_FromNumericStringUnicode_
                                                                                                                                                                                      • String ID: not a numeric character
                                                                                                                                                                                      • API String ID: 727557307-2058156748
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914267094.00007FFDFAEA1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAEA0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfaea0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: DecimalDigitErr_FromLongLong_StringUnicode_
                                                                                                                                                                                      • String ID: not a decimal
                                                                                                                                                                                      • API String ID: 2585962759-3590249192
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Err_$String$Occurred
                                                                                                                                                                                      • String ID: bad marshal data (invalid reference)
                                                                                                                                                                                      • API String ID: 1118661901-2759865940
                                                                                                                                                                                      • Opcode ID: 90ad3d2e094f843839b28ef2bcd9419247b64dc6aec6734996e13390556df507
                                                                                                                                                                                      • Instruction ID: fb11b3a1924c173885d2e2b91d66f6b5f033efaeeaac4ba4fddc56841d2c419e
                                                                                                                                                                                      • Opcode Fuzzy Hash: 90ad3d2e094f843839b28ef2bcd9419247b64dc6aec6734996e13390556df507
                                                                                                                                                                                      • Instruction Fuzzy Hash: 0B114CB1205AC1C2EA08CF26D49479D3B7AF785BA5F4AEA01DA0E47364DF35D8D5C780
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914592961.00007FFDFAFC1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDFAFC0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfafc0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorLastsocket
                                                                                                                                                                                      • String ID: ..\s\crypto\bio\b_sock2.c$2
                                                                                                                                                                                      • API String ID: 1120909799-2051290508
                                                                                                                                                                                      • Opcode ID: 7734bc7eb848a8c2f13e03d8370f2b6d25dc2938cf9324aa6d1bac55b8e4a966
                                                                                                                                                                                      • Instruction ID: 01123226eb5f508138b98360a6bc75fd967fb3ab5acf46ed6044f4052434a851
                                                                                                                                                                                      • Opcode Fuzzy Hash: 7734bc7eb848a8c2f13e03d8370f2b6d25dc2938cf9324aa6d1bac55b8e4a966
                                                                                                                                                                                      • Instruction Fuzzy Hash: 9001C031F0994382E7209B26E4149AD6260FF45769F504335F67D87AE9CF3DEA42C740
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(?,00007FF799673699), ref: 00007FF799673BD1
                                                                                                                                                                                        • Part of subcall function 00007FF799672620: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF799677744,?,?,?,?,?,?,?,?,?,?,?,00007FF79967101D), ref: 00007FF799672654
                                                                                                                                                                                        • Part of subcall function 00007FF799672620: MessageBoxW.USER32 ref: 00007FF79967272C
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914051498.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorFileLastMessageModuleName
                                                                                                                                                                                      • String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
                                                                                                                                                                                      • API String ID: 2581892565-1977442011
                                                                                                                                                                                      • Opcode ID: fe87d08da65b513e87772ab3e16eb14927cda1b8744753a26f3e7d7b1799e4b8
                                                                                                                                                                                      • Instruction ID: dffbce791132760f5be8225a78daa5b0ea1281113cd13322f5da4ed9f6b4ff4e
                                                                                                                                                                                      • Opcode Fuzzy Hash: fe87d08da65b513e87772ab3e16eb14927cda1b8744753a26f3e7d7b1799e4b8
                                                                                                                                                                                      • Instruction Fuzzy Hash: 3F018B61B1D74281FA31BF30E8163B992B7AF587C4FC01136E96E86782EE5CE2449730
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • ../src/platforms/windows/hdinfo.c, xrefs: 61B11BA0
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorFormatFreeLastLocalMessage
                                                                                                                                                                                      • String ID: ../src/platforms/windows/hdinfo.c
                                                                                                                                                                                      • API String ID: 1365068426-2451707101
                                                                                                                                                                                      • Opcode ID: 047e74e7558a874c33a40e3203b1a6c171f422d825aa74040d68500aaa8d39d5
                                                                                                                                                                                      • Instruction ID: 0d2def3d536db2f8b20cac7f6acc245fb84d9c8977853cc1ab40b2768d53a2d7
                                                                                                                                                                                      • Opcode Fuzzy Hash: 047e74e7558a874c33a40e3203b1a6c171f422d825aa74040d68500aaa8d39d5
                                                                                                                                                                                      • Instruction Fuzzy Hash: 88F03936204A4086E7109B11F85478A7B62F3CAB95F545129EB8E42B74DF3EC11A8B50
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914592961.00007FFDFB05D000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDFAFC0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfafc0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: memcmp
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1475443563-0
                                                                                                                                                                                      • Opcode ID: 06533f56ebbf768209d34c10d8a7c5afb5f4e7864eca73073be81a017dffc2ce
                                                                                                                                                                                      • Instruction ID: 4414b731da1a876e21880b456f4a1cc6ddf4ffea8317986322b1e0865634e245
                                                                                                                                                                                      • Opcode Fuzzy Hash: 06533f56ebbf768209d34c10d8a7c5afb5f4e7864eca73073be81a017dffc2ce
                                                                                                                                                                                      • Instruction Fuzzy Hash: 09918F62F0965785FB109B62D960ABD53A2BF407D8F409035EE2D5BAEDEE38F505C300
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914592961.00007FFDFAFC1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDFAFC0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfafc0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: memset
                                                                                                                                                                                      • String ID: ..\s\crypto\sm2\sm2_crypt.c$@
                                                                                                                                                                                      • API String ID: 2221118986-485510600
                                                                                                                                                                                      • Opcode ID: cd74a8d878f1a5f0695a56e3f7fb90c4b032a70a3b36df810eff86d90cd88446
                                                                                                                                                                                      • Instruction ID: 898094859d7ddd60abc6b86eef23d63c0c5aeb744b985bda884be410b40afeb6
                                                                                                                                                                                      • Opcode Fuzzy Hash: cd74a8d878f1a5f0695a56e3f7fb90c4b032a70a3b36df810eff86d90cd88446
                                                                                                                                                                                      • Instruction Fuzzy Hash: 99028572B09A8381E714DF16E4509AE6764FF84B98F404235EA9D4BBE9DF3DE605CB00
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914051498.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2718003287-0
                                                                                                                                                                                      • Opcode ID: f750311aff661a04a86bbbada4284786bf27b8065a17484a8f486471230e888d
                                                                                                                                                                                      • Instruction ID: cd3ab9652e57334b64d9d140007e6eed0ed1f8a5953b3dcaa2a7ada916a12d81
                                                                                                                                                                                      • Opcode Fuzzy Hash: f750311aff661a04a86bbbada4284786bf27b8065a17484a8f486471230e888d
                                                                                                                                                                                      • Instruction Fuzzy Hash: B7D1E232B18A8089F760DF76D4442ACB7B2FB447D8B844235CE6E97B99DE38D006C350
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914592961.00007FFDFAFC1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDFAFC0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfafc0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: )$..\s\crypto\evp\p5_crpt.c
                                                                                                                                                                                      • API String ID: 0-3563398421
                                                                                                                                                                                      • Opcode ID: a0ff16798964d517f23f621a694b9ffa1db1e9190bfdfc635015992b37e2d6c0
                                                                                                                                                                                      • Instruction ID: 740f6b661980b0b39a48c5ec99e426554e9946067113912929e075da8cca9fd2
                                                                                                                                                                                      • Opcode Fuzzy Hash: a0ff16798964d517f23f621a694b9ffa1db1e9190bfdfc635015992b37e2d6c0
                                                                                                                                                                                      • Instruction Fuzzy Hash: 5691B763F1928386FB24DB129420ABA6350FF86798F555231E96D4BADDDF3CE641CB00
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF79968C41B), ref: 00007FF79968C54C
                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF79968C41B), ref: 00007FF79968C5D7
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914051498.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ConsoleErrorLastMode
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 953036326-0
                                                                                                                                                                                      • Opcode ID: f410d9e07cb2d854853af875ff306a0e9c9ee922f70c4cde11a48ef332fbc2ec
                                                                                                                                                                                      • Instruction ID: 30e1ae8f8c507c5048c9ea03a093e4303d58a9be075483731615929946d2bb71
                                                                                                                                                                                      • Opcode Fuzzy Hash: f410d9e07cb2d854853af875ff306a0e9c9ee922f70c4cde11a48ef332fbc2ec
                                                                                                                                                                                      • Instruction Fuzzy Hash: DA91F362E08652C5F770AF3694402BDEBB2BB54B88F941139DE1E63A84DF3DD481C720
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914592961.00007FFDFAFC1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDFAFC0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfafc0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorLast
                                                                                                                                                                                      • String ID: Operation not permitted$unknown
                                                                                                                                                                                      • API String ID: 1452528299-31098287
                                                                                                                                                                                      • Opcode ID: 60a88963b320452ba2e7d5cb71e0c19f448a51f504cb7ea22ed3b1f741502950
                                                                                                                                                                                      • Instruction ID: bd1d2c9d5efa5ae39455632889ab91c4119f0664eb9b02b3bbc97ae0ecef62fd
                                                                                                                                                                                      • Opcode Fuzzy Hash: 60a88963b320452ba2e7d5cb71e0c19f448a51f504cb7ea22ed3b1f741502950
                                                                                                                                                                                      • Instruction Fuzzy Hash: 6A815D22F1A64386EB149B12E874B7923A0FF95798F440231ED6D8B2EDDF3CE5458740
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914267094.00007FFDFAEA1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAEA0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfaea0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: strncmp
                                                                                                                                                                                      • String ID: CJK UNIFIED IDEOGRAPH-$HANGUL SYLLABLE
                                                                                                                                                                                      • API String ID: 1114863663-87138338
                                                                                                                                                                                      • Opcode ID: 28284ee8d92930c45441912fa1ba1437306f5e879eb558367f422bc488895435
                                                                                                                                                                                      • Instruction ID: 4772982f8e246423aee416d8f2730c43b291a37915eb3aa0eb47a7132f75bedb
                                                                                                                                                                                      • Opcode Fuzzy Hash: 28284ee8d92930c45441912fa1ba1437306f5e879eb558367f422bc488895435
                                                                                                                                                                                      • Instruction Fuzzy Hash: 7E614BB2B1864246E768EA19A460F7A7692FF80B90F044235E97F4BADDEF3DD405D700
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914592961.00007FFDFAFC1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDFAFC0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfafc0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: memmove
                                                                                                                                                                                      • String ID: ..\s\crypto\ct\ct_oct.c
                                                                                                                                                                                      • API String ID: 2162964266-1972679481
                                                                                                                                                                                      • Opcode ID: 4e82cae2aa1f4f7bbf4560a5a95d76e090609bb2fa029e246dc49390338f2df8
                                                                                                                                                                                      • Instruction ID: ce2b3bc47d0e5da58411e86645d08ed4cd958c6b66f8a35d97fa01861a28c2d9
                                                                                                                                                                                      • Opcode Fuzzy Hash: 4e82cae2aa1f4f7bbf4560a5a95d76e090609bb2fa029e246dc49390338f2df8
                                                                                                                                                                                      • Instruction Fuzzy Hash: C171D6A270E68289E715CF2680605BC3B60EB19B88F044172EEAC473DFDF2CE659D701
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914592961.00007FFDFB05D000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDFAFC0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfafc0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: strncmp
                                                                                                                                                                                      • String ID: content-type
                                                                                                                                                                                      • API String ID: 1114863663-3266185539
                                                                                                                                                                                      • Opcode ID: 00a341a851545be2a8da524dcddeb1d98576832106f68cef986c537e7134ac14
                                                                                                                                                                                      • Instruction ID: 94bb520f3802a1047d46bcf1819ec6378646c035f3878c03157c7bdbdb8fcd29
                                                                                                                                                                                      • Opcode Fuzzy Hash: 00a341a851545be2a8da524dcddeb1d98576832106f68cef986c537e7134ac14
                                                                                                                                                                                      • Instruction Fuzzy Hash: FE510712B0E54351FB649716A471F7AA290FF86BA4F545230EE7D876EDEE2CE6039300
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Sleep_amsg_exit
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1015461914-0
                                                                                                                                                                                      • Opcode ID: 3bd0c23425649b6bf193be68188acf9665ad97c27ff63b365e523a2827455451
                                                                                                                                                                                      • Instruction ID: 4bd53e6bef18b85a50da582b0f294ab9d175883dba409d783c69f22d07c55230
                                                                                                                                                                                      • Opcode Fuzzy Hash: 3bd0c23425649b6bf193be68188acf9665ad97c27ff63b365e523a2827455451
                                                                                                                                                                                      • Instruction Fuzzy Hash: 5C41923670258485F74E9B5BEC903992A76FB89B9AF4CC426DE1C47350EF39C492C350
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • in != NULL, xrefs: 61B1F539
                                                                                                                                                                                      • src/pk/asn1/der/sequence/der_decode_sequence_multi.c, xrefs: 61B1F532
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: in != NULL$src/pk/asn1/der/sequence/der_decode_sequence_multi.c
                                                                                                                                                                                      • API String ID: 0-85593093
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914592961.00007FFDFAFC1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDFAFC0000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: strcmp
                                                                                                                                                                                      • String ID: ..\s\crypto\pem\pem_pkey.c$DH PARAMETERS$X9.42 DH PARAMETERS
                                                                                                                                                                                      • API String ID: 1004003707-3633731555
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 61B080F0: memcpy.MSVCRT ref: 61B08149
                                                                                                                                                                                        • Part of subcall function 61B080F0: PyOS_string_to_double.PYTHON39 ref: 61B0815B
                                                                                                                                                                                      • PyErr_Occurred.PYTHON39 ref: 61B09954
                                                                                                                                                                                      • PyFloat_FromDouble.PYTHON39 ref: 61B09B04
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: DoubleErr_Float_FromOccurredS_string_to_doublememcpy
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1362591179-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 61B07CA0: _PyFloat_Unpack8.PYTHON39 ref: 61B07CD1
                                                                                                                                                                                      • PyErr_Occurred.PYTHON39 ref: 61B097A0
                                                                                                                                                                                      • PyFloat_FromDouble.PYTHON39 ref: 61B09AA4
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Float_$DoubleErr_FromOccurredUnpack8
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 4123378784-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Err_FromLongLong_Occurred
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 4098471257-0
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914051498.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                      • String ID: ?
                                                                                                                                                                                      • API String ID: 1286766494-1684325040
                                                                                                                                                                                      • Opcode ID: 8b5d587ec6f6b7eed71ba39116b338de031c50ce5c8dd23bba2b14458f06a6e4
                                                                                                                                                                                      • Instruction ID: 6b01e440941dc5163ab57b0ecb3ed7e5a68d92ee47a57b60a1306a6ed90a2512
                                                                                                                                                                                      • Opcode Fuzzy Hash: 8b5d587ec6f6b7eed71ba39116b338de031c50ce5c8dd23bba2b14458f06a6e4
                                                                                                                                                                                      • Instruction Fuzzy Hash: 73411613B0829256FB74AF36941137AE6B2EF85BA4F944235EF6C07AD9DE3CD4418710
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914592961.00007FFDFAFC1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDFAFC0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfafc0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _time64
                                                                                                                                                                                      • String ID: %02d%02d%02d%02d%02d%02dZ$%04d%02d%02d%02d%02d%02dZ
                                                                                                                                                                                      • API String ID: 1670930206-2648760357
                                                                                                                                                                                      • Opcode ID: 35c0674a6fc9a5195c317095fe527ac94bcdae6bb520b7aade9e85fd0519ba43
                                                                                                                                                                                      • Instruction ID: 104a1084bdd030ca991e00cb6c324ee77ca02b8a290dac0a43c91bf7ae2bd8da
                                                                                                                                                                                      • Opcode Fuzzy Hash: 35c0674a6fc9a5195c317095fe527ac94bcdae6bb520b7aade9e85fd0519ba43
                                                                                                                                                                                      • Instruction Fuzzy Hash: 8251B532B0D7828AE760DF15E451B6AB7A1FB89790F144131EA9D87BADDF3CE5408B00
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914592961.00007FFDFAFC1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDFAFC0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfafc0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: getaddrinfo
                                                                                                                                                                                      • String ID: ..\s\crypto\bio\b_addr.c
                                                                                                                                                                                      • API String ID: 300660673-2547254400
                                                                                                                                                                                      • Opcode ID: cee4118a91f4e298bb24630199019e17d2161ccb3740edd78188986782efcc03
                                                                                                                                                                                      • Instruction ID: 58f8cebfe5abcad5c4f1c76298455d1bac899c4a0a1a117c901299c3b2c1f489
                                                                                                                                                                                      • Opcode Fuzzy Hash: cee4118a91f4e298bb24630199019e17d2161ccb3740edd78188986782efcc03
                                                                                                                                                                                      • Instruction Fuzzy Hash: DE41F572B18A8387E714DF12A850ABA7390FB85784F018135FAA947BE9DF3CD5459B04
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • _invalid_parameter_noinfo.LIBCMT ref: 00007FF799687E9E
                                                                                                                                                                                        • Part of subcall function 00007FF799689E18: RtlFreeHeap.NTDLL(?,?,?,00007FF799691E42,?,?,?,00007FF799691E7F,?,?,00000000,00007FF799692345,?,?,?,00007FF799692277), ref: 00007FF799689E2E
                                                                                                                                                                                        • Part of subcall function 00007FF799689E18: GetLastError.KERNEL32(?,?,?,00007FF799691E42,?,?,?,00007FF799691E7F,?,?,00000000,00007FF799692345,?,?,?,00007FF799692277), ref: 00007FF799689E38
                                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF79967B105), ref: 00007FF799687EBC
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914051498.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                      • String ID: C:\Users\user\Desktop\datasett.exe
                                                                                                                                                                                      • API String ID: 3580290477-1493852099
                                                                                                                                                                                      • Opcode ID: 7be78eb059dea3495cc358456d23a898a8a026444ba3d0a56d0d7994263981b4
                                                                                                                                                                                      • Instruction ID: d69124471f018cccae0e80c5d84f1b3ef7d7639a628cb99532278cae2eb1c6d6
                                                                                                                                                                                      • Opcode Fuzzy Hash: 7be78eb059dea3495cc358456d23a898a8a026444ba3d0a56d0d7994263981b4
                                                                                                                                                                                      • Instruction Fuzzy Hash: 26413D32A08B52C5FB24EF3694800B8E7BAEF45794BD44035EA5E47B85DF3DE5518360
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914051498.00007FF799671000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF799670000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ff799670000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CurrentDirectory
                                                                                                                                                                                      • String ID: :
                                                                                                                                                                                      • API String ID: 1611563598-336475711
                                                                                                                                                                                      • Opcode ID: 8d0047e3d49e2942e9dd2ecd46bdb5543a301835a32119f1e21a6d0f1ab18d67
                                                                                                                                                                                      • Instruction ID: a09eeda34d77d794f760f5627ac5d5e08f744e5ed0c2a8ee637f2b01ea036148
                                                                                                                                                                                      • Opcode Fuzzy Hash: 8d0047e3d49e2942e9dd2ecd46bdb5543a301835a32119f1e21a6d0f1ab18d67
                                                                                                                                                                                      • Instruction Fuzzy Hash: 2F21C162B0868182FB31BF26D45426DE3B3FB98B84FC54035DAAC03684DF7DE9458761
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914592961.00007FFDFAFC1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDFAFC0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfafc0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorLastgetsockname
                                                                                                                                                                                      • String ID: ..\s\crypto\bio\b_sock.c
                                                                                                                                                                                      • API String ID: 566540725-540685895
                                                                                                                                                                                      • Opcode ID: 3f7e4d637075843b50ffdfd6546d49ef448eefcf8eb4d6d42073b27a69ad320d
                                                                                                                                                                                      • Instruction ID: 92503147ae632237ec23ffdb9da8cbdf6333493e9a05068d1fbafd3e6cbc45c2
                                                                                                                                                                                      • Opcode Fuzzy Hash: 3f7e4d637075843b50ffdfd6546d49ef448eefcf8eb4d6d42073b27a69ad320d
                                                                                                                                                                                      • Instruction Fuzzy Hash: A121AE71B4950792E711DB21E824AED6360EF81715F800231E67C46AE8DF3DE685DB00
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Err_Format
                                                                                                                                                                                      • String ID: %s (%d:%d)
                                                                                                                                                                                      • API String ID: 376477240-1595188566
                                                                                                                                                                                      • Opcode ID: 00c3533c023e4da3be8f580cc063e031e8879b4c214c86249d69b3b2627af083
                                                                                                                                                                                      • Instruction ID: c416941eeea2aa90f20695cdbd0374834c98be1a298bd9f5e6dde5f4c6bccc82
                                                                                                                                                                                      • Opcode Fuzzy Hash: 00c3533c023e4da3be8f580cc063e031e8879b4c214c86249d69b3b2627af083
                                                                                                                                                                                      • Instruction Fuzzy Hash: 0401D633A006D481F708A719E8803DD7B61EB8AB55F8D9121CE9D173A1DF6AC982C380
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914267094.00007FFDFAEA1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAEA0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfaea0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: String$Err_FromUnicode_
                                                                                                                                                                                      • String ID: no such name
                                                                                                                                                                                      • API String ID: 3678473424-4211486178
                                                                                                                                                                                      • Opcode ID: c693d65a71385824535150e9ecccdcb2d57a8484d62f3ec6bd54bdc843b8de53
                                                                                                                                                                                      • Instruction ID: 1e60758b8ac3a6cdb871c6103a25f9bce5f22473b1703e42a021a2b407aaeee3
                                                                                                                                                                                      • Opcode Fuzzy Hash: c693d65a71385824535150e9ecccdcb2d57a8484d62f3ec6bd54bdc843b8de53
                                                                                                                                                                                      • Instruction Fuzzy Hash: 9B014FB1B18942C1FB24AB21E820BB563A4EF99B44F410071DA6F4E698EE2DE4058610
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914267094.00007FFDFAEA1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAEA0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfaea0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: DigitErr_StringUnicode_
                                                                                                                                                                                      • String ID: not a digit
                                                                                                                                                                                      • API String ID: 1987352478-3016634541
                                                                                                                                                                                      • Opcode ID: 0b9ad4f3aa939a32d557f2305bb1fb67aaf27e1b0e1bf64190b3ffb6a1a6d7d6
                                                                                                                                                                                      • Instruction ID: 54214e43a8e947dc28a4a37b349d3ab53e3560338e70f858062d86e4fc4c01f4
                                                                                                                                                                                      • Opcode Fuzzy Hash: 0b9ad4f3aa939a32d557f2305bb1fb67aaf27e1b0e1bf64190b3ffb6a1a6d7d6
                                                                                                                                                                                      • Instruction Fuzzy Hash: 77F03095B0890781FF1C6B259470C7452A0EF99F48B0824B0C93F8E2D8EE1EA8998300
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914592961.00007FFDFAFC1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDFAFC0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfafc0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorLastioctlsocket
                                                                                                                                                                                      • String ID: ..\s\crypto\bio\b_sock.c
                                                                                                                                                                                      • API String ID: 1021210092-540685895
                                                                                                                                                                                      • Opcode ID: 4461a209f28e95a1d17e1fe27fd0101058cda89b9424f7b2e88bf19f5e6d7981
                                                                                                                                                                                      • Instruction ID: 1c05b01698bed256cab0767572527e4273978e7ff1aebf686832a75623132d43
                                                                                                                                                                                      • Opcode Fuzzy Hash: 4461a209f28e95a1d17e1fe27fd0101058cda89b9424f7b2e88bf19f5e6d7981
                                                                                                                                                                                      • Instruction Fuzzy Hash: 28E09A60F4B90387F3126B629824F792350AF0974AF004230F93D8AAE8DE3DE2588A04
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • memchr.VCRUNTIME140(00007FFDFB1FB35B,00000000,?,00000000,00007FFDFB1FA5F9), ref: 00007FFDFB1FB52B
                                                                                                                                                                                      • memchr.VCRUNTIME140(00007FFDFB1FB35B,00000000,?,00000000,00007FFDFB1FA5F9), ref: 00007FFDFB1FB573
                                                                                                                                                                                      • memchr.VCRUNTIME140(00007FFDFB1FB35B,00000000,?,00000000,00007FFDFB1FA5F9), ref: 00007FFDFB1FB58D
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914592961.00007FFDFB05D000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDFAFC0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfafc0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: memchr
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3297308162-0
                                                                                                                                                                                      • Opcode ID: 894b152478e49585909b4f884bd3c79ebd5a6dd4ef0c1a77e308b87e5181a23f
                                                                                                                                                                                      • Instruction ID: dc4095066a53e4d24a43de99729a945616ec5f540a16aa027eda1fcd1cb4695b
                                                                                                                                                                                      • Opcode Fuzzy Hash: 894b152478e49585909b4f884bd3c79ebd5a6dd4ef0c1a77e308b87e5181a23f
                                                                                                                                                                                      • Instruction Fuzzy Hash: BC91EA6BF096C281EB208B16D5A453AABA1FB85BC8F584035DF5D837F9CE2DE445C700
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2914592961.00007FFDFAFC1000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDFAFC0000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_7ffdfafc0000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: memmove
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2162964266-0
                                                                                                                                                                                      • Opcode ID: a23466d681eb0a4b59ef0f4ee0ccc74a58dbd7c3bc8a430191d22eb2a2f2a2f8
                                                                                                                                                                                      • Instruction ID: 63ad0262b3f7ca1018deca4d8afeb89371ef42ecfdb318eda129833c1ee759e8
                                                                                                                                                                                      • Opcode Fuzzy Hash: a23466d681eb0a4b59ef0f4ee0ccc74a58dbd7c3bc8a430191d22eb2a2f2a2f8
                                                                                                                                                                                      • Instruction Fuzzy Hash: D6119362B0564292D750DB2AE6505E96360FF447D0F848531FBAD87BEEEF28E591C700
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000001.00000002.2911374689.0000000061B01000.00000020.00000001.01000000.00000008.sdmp, Offset: 61B00000, based on PE: true
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_1_2_61b00000_datasett.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CriticalSection$EnterLeavefree
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 4020351045-0
                                                                                                                                                                                      • Opcode ID: f98d655d79458ae7ef109b3067db563f1dde0830edff20af3cbcf19b1a5ba07b
                                                                                                                                                                                      • Instruction ID: 3e3a696539e60969143b9ca1d2a8864a7afd2aef09b89adbf086b137fbb3e046
                                                                                                                                                                                      • Opcode Fuzzy Hash: f98d655d79458ae7ef109b3067db563f1dde0830edff20af3cbcf19b1a5ba07b
                                                                                                                                                                                      • Instruction Fuzzy Hash: CC01757131564487EB1DCBA6E8923DD2362FBC9B44F989819DA2D87310EB29C4A6C340